Posted to commits@geode.apache.org by hi...@apache.org on 2016/09/13 22:56:03 UTC

[01/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Repository: incubator-geode
Updated Branches:
  refs/heads/feature/GEODE-37_2 7c20e6931 -> 9d7a6960a


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/authz-dummy.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/authz-dummy.xml b/geode-core/src/test/resources/org/apache/geode/security/generator/authz-dummy.xml
new file mode 100644
index 0000000..de0cd17
--- /dev/null
+++ b/geode-core/src/test/resources/org/apache/geode/security/generator/authz-dummy.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
+        "com/gemstone/gemfire/security/templates/authz6_0.dtd" >
+<acl>
+
+  <role name="reader">
+    <user>reader0</user>
+    <user>reader1</user>
+    <user>reader2</user>
+    <user>root</user>
+    <user>admin</user>
+    <user>administrator</user>
+  </role>
+
+  <role name="writer">
+    <user>writer0</user>
+    <user>writer1</user>
+    <user>writer2</user>
+    <user>root</user>
+    <user>admin</user>
+    <user>administrator</user>
+  </role>
+
+  <role name="cacheOps">
+    <user>root</user>
+    <user>admin</user>
+    <user>administrator</user>
+  </role>
+
+  <role name="queryRegions">
+    <user>reader3</user>
+    <user>reader4</user>
+  </role>
+
+  <role name="registerInterest">
+    <user>reader5</user>
+    <user>reader6</user>
+  </role>
+
+  <role name="unregisterInterest">
+    <user>reader5</user>
+    <user>reader7</user>
+  </role>
+  
+  <role name="onRegionFunctionExecutor">
+    <user>reader8</user>
+  </role>
+  
+  <role name="onServerFunctionExecutor">
+    <user>reader9</user>
+  </role>
+
+  <permission role="cacheOps">
+    <operation>QUERY</operation>
+    <operation>EXECUTE_CQ</operation>
+    <operation>STOP_CQ</operation>
+    <operation>CLOSE_CQ</operation>
+    <operation>REGION_CREATE</operation>
+    <operation>REGION_DESTROY</operation>
+  </permission>
+
+  <permission role="reader">
+    <operation>GET</operation>
+    <operation>REGISTER_INTEREST</operation>
+    <operation>UNREGISTER_INTEREST</operation>
+    <operation>KEY_SET</operation>
+    <operation>CONTAINS_KEY</operation>
+    <operation>EXECUTE_FUNCTION</operation>
+  </permission>
+
+  <permission role="writer">
+    <operation>PUT</operation>
+    <operation>PUTALL</operation>
+    <operation>DESTROY</operation>
+    <operation>INVALIDATE</operation>
+    <operation>REGION_CLEAR</operation>
+  </permission>
+
+  <permission role="queryRegions" regions="//Portfolios,/Positions/,AuthRegion">
+    <operation>QUERY</operation>
+    <operation>EXECUTE_CQ</operation>
+    <operation>STOP_CQ</operation>
+    <operation>CLOSE_CQ</operation>
+  </permission>
+  
+  <permission role="onRegionFunctionExecutor" regions="secureRegion,Positions">
+    <operation>PUT</operation>
+    <operation functionIds="SecureFunction,OptimizationFunction" optimizeForWrite="false" keySet="KEY-0,KEY-1">EXECUTE_FUNCTION</operation>
+  </permission>
+  
+  <permission role="onServerFunctionExecutor" >
+    <operation>PUT</operation>
+    <operation functionIds="SecureFunction,OptimizationFunction">EXECUTE_FUNCTION</operation>
+  </permission>
+
+  <permission role="registerInterest">
+    <operation>REGISTER_INTEREST</operation>
+    <operation>GET</operation>
+  </permission>
+
+  <permission role="unregisterInterest">
+    <operation>UNREGISTER_INTEREST</operation>
+    <operation>GET</operation>
+  </permission>
+
+</acl>
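Review bot: The DOCTYPE system identifier in this new fixture still names the pre-rename package path, `com/gemstone/gemfire/security/templates/authz6_0.dtd`, while the file itself is added under org/apache/geode/security/generator and this commit places authz5_5.dtd under org/apache/geode/security/templates. If the loader resolves the DTD from the public identifier through a local entity resolver, the stale path is harmless, but that code is not visible here. If it falls back to the system identifier, validation would either fail or look for the DTD outside the test classpath. Suggest pointing the system identifier at the renamed templates directory, or adding a comment such as `<!-- system id is not dereferenced; the DTD is resolved from the public id -->` once that is confirmed. The same declaration appears in authz-ldap.xml, authz-multiUser-dummy.xml and authz-multiUser-ldap.xml (the ldap variants reference authz5_5.dtd).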

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/authz-ldap.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/authz-ldap.xml b/geode-core/src/test/resources/org/apache/geode/security/generator/authz-ldap.xml
new file mode 100644
index 0000000..cdfd478
--- /dev/null
+++ b/geode-core/src/test/resources/org/apache/geode/security/generator/authz-ldap.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
+        "com/gemstone/gemfire/security/templates/authz5_5.dtd" >
+<acl>
+
+  <role name="reader">
+    <user>gemfire1</user>
+    <user>gemfire2</user>
+    <user>gemfire3</user>
+    <user>gemfire4</user>
+    <user>gemfire5</user>
+  </role>
+
+  <role name="writer">
+    <user>gemfire1</user>
+    <user>gemfire2</user>
+    <user>gemfire6</user>
+    <user>gemfire7</user>
+    <user>gemfire8</user>
+  </role>
+
+  <role name="cacheOps">
+    <user>gemfire1</user>
+    <user>gemfire2</user>
+  </role>
+
+  <role name="queryRegions">
+    <user>gemfire9</user>
+    <user>gemfire10</user>
+  </role>
+
+  <permission role="cacheOps">
+    <operation>QUERY</operation>
+    <operation>EXECUTE_CQ</operation>
+    <operation>STOP_CQ</operation>
+    <operation>CLOSE_CQ</operation>
+    <operation>REGION_CREATE</operation>
+    <operation>REGION_DESTROY</operation>
+  </permission>
+
+  <permission role="reader">
+    <operation>GET</operation>
+    <operation>REGISTER_INTEREST</operation>
+    <operation>UNREGISTER_INTEREST</operation>
+    <operation>KEY_SET</operation>
+    <operation>CONTAINS_KEY</operation>
+    <operation>EXECUTE_FUNCTION</operation>
+  </permission>
+
+  <permission role="writer">
+    <operation>PUT</operation>
+    <operation>PUTALL</operation>
+    <operation>DESTROY</operation>
+    <operation>INVALIDATE</operation>
+    <operation>REGION_CLEAR</operation>
+  </permission>
+
+  <permission role="queryRegions" regions="Portfolios,/Positions//,/AuthRegion">
+    <operation>QUERY</operation>
+    <operation>EXECUTE_CQ</operation>
+    <operation>STOP_CQ</operation>
+    <operation>CLOSE_CQ</operation>
+  </permission>
+
+</acl>
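Review bot: The `regions` attribute on the queryRegions permission mixes three spellings in one list, `Portfolios,/Positions//,/AuthRegion` (no leading slash, a doubled trailing slash, a single leading slash), and nothing in the file says whether that is deliberate. In an access-control list this matters, because which region each entry grants access to depends entirely on how the authorizer normalizes paths. A reader cannot tell a normalization test from a typo. If the irregular forms are intended, a comment above the element would record it, for example `<!-- region names are intentionally irregular to exercise path normalization -->`; this needs confirming against the test that loads the file. The same applies to authz-multiUser-ldap.xml, and to `//Portfolios,/Positions/,AuthRegion` in authz-dummy.xml and authz-multiUser-dummy.xml.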

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/authz-multiUser-dummy.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/authz-multiUser-dummy.xml b/geode-core/src/test/resources/org/apache/geode/security/generator/authz-multiUser-dummy.xml
new file mode 100644
index 0000000..f64eb2e
--- /dev/null
+++ b/geode-core/src/test/resources/org/apache/geode/security/generator/authz-multiUser-dummy.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
+        "com/gemstone/gemfire/security/templates/authz6_0.dtd" >
+<acl>
+
+  <role name="reader">
+    <user>user1</user>
+    <user>user2</user>
+    <user>root</user>
+    <user>admin</user>
+    <user>administrator</user>
+  </role>
+
+  <role name="writer">
+    <user>user3</user>
+    <user>user4</user>
+    <user>root</user>
+    <user>admin</user>
+    <user>administrator</user>
+  </role>
+  
+  <role name="cacheOps">
+    <user>user1</user>
+    <user>user2</user>
+    <user>root</user>
+    <user>admin</user>
+    <user>administrator</user>
+  </role>
+
+  <role name="queryRegions">
+    <user>user5</user>
+    <user>user6</user>
+  </role>
+
+  <role name="registerInterest">
+    <user>user7</user>
+    <user>user8</user>
+  </role>
+
+  <role name="unregisterInterest">
+    <user>user5</user>
+    <user>user7</user>
+  </role>
+  
+  <permission role="cacheOps">
+    <operation>QUERY</operation>
+    <operation>EXECUTE_CQ</operation>
+    <operation>STOP_CQ</operation>
+    <operation>CLOSE_CQ</operation>
+  </permission>
+
+  <permission role="reader">
+    <operation>GET</operation>
+    <operation>REGISTER_INTEREST</operation>
+    <operation>UNREGISTER_INTEREST</operation>
+    <operation>KEY_SET</operation>
+    <operation>CONTAINS_KEY</operation>
+    <operation>EXECUTE_FUNCTION</operation>
+  </permission>
+
+  <permission role="writer">
+    <operation>PUT</operation>
+    <operation>PUTALL</operation>
+    <operation>DESTROY</operation>
+    <operation>INVALIDATE</operation>
+    <operation>REGION_CLEAR</operation>
+  </permission>
+
+  <permission role="queryRegions" regions="//Portfolios,/Positions/,AuthRegion">
+    <operation>QUERY</operation>
+    <operation>EXECUTE_CQ</operation>
+    <operation>STOP_CQ</operation>
+    <operation>CLOSE_CQ</operation>
+  </permission>
+  
+  <permission role="registerInterest">
+    <operation>REGISTER_INTEREST</operation>
+    <operation>GET</operation>
+  </permission>
+
+  <permission role="unregisterInterest">
+    <operation>UNREGISTER_INTEREST</operation>
+    <operation>GET</operation>
+  </permission>
+
+</acl>

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/authz-multiUser-ldap.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/authz-multiUser-ldap.xml b/geode-core/src/test/resources/org/apache/geode/security/generator/authz-multiUser-ldap.xml
new file mode 100644
index 0000000..5469972
--- /dev/null
+++ b/geode-core/src/test/resources/org/apache/geode/security/generator/authz-multiUser-ldap.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
+        "com/gemstone/gemfire/security/templates/authz5_5.dtd" >
+<acl>
+
+  <role name="reader">
+    <user>gemfire1</user>
+    <user>gemfire2</user>
+    <user>gemfire3</user>
+    <user>gemfire4</user>
+    <user>gemfire5</user>
+  </role>
+
+  <role name="writer">
+    <user>gemfire1</user>
+    <user>gemfire2</user>
+    <user>gemfire6</user>
+    <user>gemfire7</user>
+    <user>gemfire8</user>
+  </role>
+
+  <role name="cacheOps">
+    <user>gemfire1</user>
+    <user>gemfire2</user>
+  </role>
+
+  <role name="queryRegions">
+    <user>gemfire9</user>
+    <user>gemfire10</user>
+  </role>
+
+  <permission role="cacheOps">
+    <operation>QUERY</operation>
+    <operation>EXECUTE_CQ</operation>
+    <operation>STOP_CQ</operation>
+    <operation>CLOSE_CQ</operation>
+  </permission>
+
+  <permission role="reader">
+    <operation>GET</operation>
+    <operation>REGISTER_INTEREST</operation>
+    <operation>UNREGISTER_INTEREST</operation>
+    <operation>KEY_SET</operation>
+    <operation>CONTAINS_KEY</operation>
+    <operation>EXECUTE_FUNCTION</operation>
+  </permission>
+
+  <permission role="writer">
+    <operation>PUT</operation>
+    <operation>PUTALL</operation>
+    <operation>DESTROY</operation>
+    <operation>INVALIDATE</operation>
+    <operation>REGION_CLEAR</operation>
+  </permission>
+
+  <permission role="queryRegions" regions="Portfolios,/Positions//,/AuthRegion">
+    <operation>QUERY</operation>
+    <operation>EXECUTE_CQ</operation>
+    <operation>STOP_CQ</operation>
+    <operation>CLOSE_CQ</operation>
+  </permission>
+
+</acl>

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire1.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire1.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire1.keystore
new file mode 100644
index 0000000..15270bb
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire1.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire10.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire10.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire10.keystore
new file mode 100644
index 0000000..bb6f827
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire10.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire11.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire11.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire11.keystore
new file mode 100644
index 0000000..6839c74
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire11.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire2.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire2.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire2.keystore
new file mode 100644
index 0000000..fcb7ab8
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire2.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire3.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire3.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire3.keystore
new file mode 100644
index 0000000..19afc4b
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire3.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire4.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire4.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire4.keystore
new file mode 100644
index 0000000..c65916a
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire4.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire5.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire5.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire5.keystore
new file mode 100644
index 0000000..d738cca
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire5.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire6.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire6.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire6.keystore
new file mode 100644
index 0000000..1fea2d3
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire6.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire7.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire7.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire7.keystore
new file mode 100644
index 0000000..7a3187c
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire7.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire8.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire8.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire8.keystore
new file mode 100644
index 0000000..a3bb886
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire8.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire9.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire9.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire9.keystore
new file mode 100644
index 0000000..674b4e6
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/gemfire9.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire1.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire1.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire1.keystore
new file mode 100644
index 0000000..4f9120c
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire1.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire10.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire10.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire10.keystore
new file mode 100644
index 0000000..0bd97d77
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire10.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire11.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire11.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire11.keystore
new file mode 100644
index 0000000..62ae3c7
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire11.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire2.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire2.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire2.keystore
new file mode 100644
index 0000000..c65bc81
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire2.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire3.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire3.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire3.keystore
new file mode 100644
index 0000000..b0796e0
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire3.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire4.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire4.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire4.keystore
new file mode 100644
index 0000000..9c94018
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire4.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire5.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire5.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire5.keystore
new file mode 100644
index 0000000..33f6937
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire5.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire6.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire6.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire6.keystore
new file mode 100644
index 0000000..568f674
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire6.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire7.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire7.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire7.keystore
new file mode 100644
index 0000000..80e2d80
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire7.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire8.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire8.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire8.keystore
new file mode 100644
index 0000000..a15def5
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire8.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire9.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire9.keystore b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire9.keystore
new file mode 100644
index 0000000..72087f3
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/gemfire9.keystore differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/publickeyfile
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/publickeyfile b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/publickeyfile
new file mode 100644
index 0000000..1b13872
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/ibm/publickeyfile differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/generator/keys/publickeyfile
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/generator/keys/publickeyfile b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/publickeyfile
new file mode 100644
index 0000000..9c2daa3
Binary files /dev/null and b/geode-core/src/test/resources/org/apache/geode/security/generator/keys/publickeyfile differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/peerAuth.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/peerAuth.json b/geode-core/src/test/resources/org/apache/geode/security/peerAuth.json
new file mode 100644
index 0000000..9bd8936
--- /dev/null
+++ b/geode-core/src/test/resources/org/apache/geode/security/peerAuth.json
@@ -0,0 +1,36 @@
+{
+  "users": [
+    {
+      "name": "locator1",
+      "password": "1234567",
+      "roles": [
+      ]
+    },
+    {
+      "name": "server1",
+      "password": "1234567",
+      "roles": [
+      ]
+    },
+    {
+      "name": "server2",
+      "password": "1234567",
+      "roles": [
+      ]
+    }
+  ]
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
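Review bot: The file ends with thirteen empty added lines after the closing `}`; they should be dropped so the fixture ends at the brace with a single newline. Separately, all three users carry the same literal password and an empty `roles` array, so a test built on this file cannot distinguish one peer's credential from another's. Distinct values per user would make a credential mix-up visible in a failing assertion. JSON has no comment syntax, so only the src/test/resources path marks these as test-only credentials.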

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/templates/authz5_5.dtd
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/templates/authz5_5.dtd b/geode-core/src/test/resources/org/apache/geode/security/templates/authz5_5.dtd
new file mode 100644
index 0000000..7080c0e
--- /dev/null
+++ b/geode-core/src/test/resources/org/apache/geode/security/templates/authz5_5.dtd
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+
+This is the XML DTD for the GemFire sample XML based authorization callback
+in com.gemstone.gemfire.security.templates.XmlAuthorization.
+
+All XMLs must include a DOCTYPE of the following form:
+
+  <!DOCTYPE acl PUBLIC
+    "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
+    "http://www.gemstone.com/dtd/authz5_5.dtd">
+
+The contents of a declarative XML file correspond to APIs found in the
+
+                      com.gemstone.gemfire.security.AccessControl
+
+package. The sample implementation may be used to specify access control
+policies.
+
+-->
+
+<!--
+
+The following conventions apply to all GemFire sample authorization
+XML file elements unless indicated otherwise.
+
+- In elements that contain PCDATA, leading and trailing whitespace in
+  the data may be ignored.
+
+- In elements whose value is an "enumerated type", the value is case
+  sensitive.
+
+-->
+
+
+<!--
+The "acl" element is the root element of the authorization file.
+This element contains the role to user mappings and role to permissions
+mapping on a per region per operation basis.
+-->
+
+<!ELEMENT acl (role+,permission+)>
+
+<!--
+The "role" element contains the set of users that have the permissions of
+given role. A user can be present in more than one "role" elements in
+which case the union of the permissions to all those roles determines
+the full set of permissions to be given to the user.
+-->
+
+<!ELEMENT role (user*)>
+<!ATTLIST role
+  name CDATA #REQUIRED
+>
+
+<!--
+The "user" element is contained within the "role" element and contains
+the name of a user having the permissions of that role.
+-->
+
+<!ELEMENT user (#PCDATA)>
+
+<!--
+The "permission" element specifies the list of operations that are allowed
+for a particular role in the given regions as provided in the optional
+"regions" attribute. The value of "regions" attribute should be a comma
+separated list of region names for which permissions are to be provided.
+If no "regions" attribute is provided then those permissions are provided
+for all the other regions (i.e. other than those that have been explicitly
+specified). Permissions for cache level operations REGION_DESTROY,
+REGION_CREATE, QUERY and CQ operations should be specified with no "regions"
+attribute. If cache-level permission is not provided for QUERY or CQ operations
+then the permission for all the region names in the query string is checked.
+-->
+
+<!ELEMENT permission (operation*)>
+<!ATTLIST permission
+  role CDATA #REQUIRED
+  regions CDATA #IMPLIED
+>
+
+
+<!--
+The operation should be one of the following strings:
+ GET, PUT, PUTALL, DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST,
+ CONTAINS_KEY, KEY_SET, QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR,
+ REGION_CREATE, REGION_DESTROY
+-->
+<!ELEMENT operation (#PCDATA)>
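Review bot: The list of valid operation names at the end of the file is only a comment: `operation` is declared `(#PCDATA)`, so an ACL file with a misspelled or unknown operation still validates against this DTD. Whether such an entry is rejected or silently dropped depends on the loader, which is not visible here, and a dropped entry changes what a role is allowed to do. I would add a sentence to that comment such as `The DTD does not restrict this value; the loader must reject names outside this list.` The same declaration and comment are repeated in authz6_0.dtd. The DOCTYPE example in the header also gives an `http://` system identifier, while authz-dummy.xml in this commit uses a classpath-relative one. The comment should say that the DTD is expected to be resolved from the bundled copy rather than fetched over the network.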

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/org/apache/geode/security/templates/authz6_0.dtd
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/org/apache/geode/security/templates/authz6_0.dtd b/geode-core/src/test/resources/org/apache/geode/security/templates/authz6_0.dtd
new file mode 100755
index 0000000..a77563a
--- /dev/null
+++ b/geode-core/src/test/resources/org/apache/geode/security/templates/authz6_0.dtd
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+
+This is the XML DTD for the GemFire sample XML based authorization callback
+in com.gemstone.gemfire.security.templates.XmlAuthorization.
+
+All XMLs must include a DOCTYPE of the following form:
+
+  <!DOCTYPE acl PUBLIC
+    "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
+    "http://www.gemstone.com/dtd/authz5_5.dtd">
+
+The contents of a declarative XML file correspond to APIs found in the
+
+                      com.gemstone.gemfire.security.AccessControl
+
+package. The sample implementation may be used to specify access control
+policies.
+
+-->
+
+<!--
+
+The following conventions apply to all GemFire sample authorization
+XML file elements unless indicated otherwise.
+
+- In elements that contain PCDATA, leading and trailing whitespace in
+  the data may be ignored.
+
+- In elements whose value is an "enumerated type", the value is case
+  sensitive.
+
+-->
+
+
+<!--
+The "acl" element is the root element of the authorization file.
+This element contains the role to user mappings and role to permissions
+mapping on a per region per operation basis.
+-->
+
+<!ELEMENT acl (role+,permission+)>
+
+<!--
+The "role" element contains the set of users that have the permissions of
+given role. A user can be present in more than one "role" elements in
+which case the union of the permissions to all those roles determines
+the full set of permissions to be given to the user.
+-->
+
+<!ELEMENT role (user*)>
+<!ATTLIST role
+  name CDATA #REQUIRED
+>
+
+<!--
+The "user" element is contained within the "role" element and contains
+the name of a user having the permissions of that role.
+-->
+
+<!ELEMENT user (#PCDATA)>
+
+<!--
+The "permission" element specifies the list of operations that are allowed
+for a particular role in the given regions as provided in the optional
+"regions" attribute. The value of "regions" attribute should be a comma
+separated list of region names for which permissions are to be provided.
+If no "regions" attribute is provided then those permissions are provided
+for all the other regions (i.e. other than those that have been explicitly
+specified). Permissions for cache level operations REGION_DESTROY,
+REGION_CREATE, QUERY and CQ operations should be specified with no "regions"
+attribute. If cache-level permission is not provided for QUERY or CQ operations
+then the permission for all the region names in the query string is checked.
+-->
+
+<!ELEMENT permission (operation*)>
+<!ATTLIST permission
+  role CDATA #REQUIRED
+  regions CDATA #IMPLIED
+>
+
+
+<!--
+The operation should be one of the following strings:
+ GET, PUT, PUTALL, DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST,
+ CONTAINS_KEY, KEY_SET, QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR,
+ REGION_CREATE, REGION_DESTROY
+-->
+<!ELEMENT operation (#PCDATA)>
+<!ATTLIST operation
+  functionIds CDATA #IMPLIED
+  optimizeForWrite CDATA #IMPLIED
+  keySet CDATA #IMPLIED
+>
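Review bot: The DOCTYPE example in the header comment of authz6_0.dtd still names `authz5_5.dtd` as the system identifier, apparently copied from the older file. An ACL written from that example would be validated against a DTD that lacks the `functionIds`, `optimizeForWrite` and `keySet` attributes declared at the end of this one, so the example should name authz6_0.dtd. Those three attributes are also the only declarations in the file with no comment. Since they appear to narrow what an `operation` entry grants, I would add a comment above the `<!ATTLIST operation` block stating the expected format of each value, what an absent attribute means, and which operations they apply to.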



[07/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationDUnitTest.java
new file mode 100644
index 0000000..79feae9
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationDUnitTest.java
@@ -0,0 +1,647 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.internal.AvailablePort.*;
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static com.gemstone.gemfire.test.dunit.Assert.*;
+import static com.gemstone.gemfire.test.dunit.IgnoredException.*;
+import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+
+import com.gemstone.gemfire.internal.AvailablePortHelper;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
+import com.gemstone.gemfire.security.generator.XmlAuthzCredentialGenerator;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+/**
+ * Tests for authorization from client to server. This tests for authorization
+ * of all operations with both valid and invalid credentials/modules with
+ * pre-operation callbacks. It also checks for authorization in case of
+ * failover.
+ *
+ * @since GemFire 5.5
+ */
+@Category({ DistributedTest.class, SecurityTest.class })
+public class ClientAuthorizationDUnitTest extends ClientAuthorizationTestCase {
+
+  @Override
+  public final void preTearDownClientAuthorizationTestBase() throws Exception {
+    closeCache();
+  }
+
+  @Test
+  public void testAllowPutsGets() {
+    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+    CredentialGenerator cGen = gen.getCredentialGenerator();
+    Properties extraAuthProps = cGen.getSystemProperties();
+    Properties javaProps = cGen.getJavaProperties();
+    Properties extraAuthzProps = gen.getSystemProperties();
+    String authenticator = cGen.getAuthenticator();
+    String authInit = cGen.getAuthInit();
+    String accessor = gen.getAuthorizationCallback();
+
+    getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit);
+    getLogWriter().info("testAllowPutsGets: Using authenticator: " + authenticator);
+    getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor);
+
+    // Start servers with all required properties
+    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
+
+    int port1 = createServer1(javaProps, serverProps);
+    int port2 = createServer2(javaProps, serverProps);
+
+    // Start client1 with valid CREATE credentials
+    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
+    javaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testAllowPutsGets: For first client credentials: " + createCredentials);
+
+    createClient1NoException(javaProps, authInit, port1, port2, createCredentials);
+
+    // Start client2 with valid GET credentials
+    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 2);
+    javaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testAllowPutsGets: For second client credentials: " + getCredentials);
+
+    createClient2NoException(javaProps, authInit, port1, port2, getCredentials);
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
+
+    // Verify that the gets succeed
+    client2.invoke(() -> doGets(2, NO_EXCEPTION));
+  }
+
+  @Test
+  public void testPutAllWithSecurity() {
+    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+    CredentialGenerator cGen = gen.getCredentialGenerator();
+    Properties extraAuthProps = cGen.getSystemProperties();
+    Properties javaProps = cGen.getJavaProperties();
+    Properties extraAuthzProps = gen.getSystemProperties();
+    String authenticator = cGen.getAuthenticator();
+    String authInit = cGen.getAuthInit();
+    String accessor = gen.getAuthorizationCallback();
+
+    getLogWriter().info("testPutAllWithSecurity: Using authinit: " + authInit);
+    getLogWriter().info("testPutAllWithSecurity: Using authenticator: " + authenticator);
+    getLogWriter().info("testPutAllWithSecurity: Using accessor: " + accessor);
+
+    // Start servers with all required properties
+    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
+
+    int port1 = createServer1(javaProps, serverProps);
+    int port2 = createServer2(javaProps, serverProps);
+
+    // Start client1 with valid CREATE credentials
+    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUTALL }, new String[] { regionName }, 1);
+    javaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testPutAllWithSecurity: For first client credentials: " + createCredentials);
+
+    createClient1NoException(javaProps, authInit, port1, port2, createCredentials);
+
+    // Perform some put all operations from client1
+    client1.invoke(() -> doPutAllP());
+  }
+
+  @Test
+  public void testDisallowPutsGets() {
+    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+    CredentialGenerator cGen = gen.getCredentialGenerator();
+    Properties extraAuthProps = cGen.getSystemProperties();
+    Properties javaProps = cGen.getJavaProperties();
+    Properties extraAuthzProps = gen.getSystemProperties();
+    String authenticator = cGen.getAuthenticator();
+    String authInit = cGen.getAuthInit();
+    String accessor = gen.getAuthorizationCallback();
+
+    getLogWriter().info("testDisallowPutsGets: Using authinit: " + authInit);
+    getLogWriter().info("testDisallowPutsGets: Using authenticator: " + authenticator);
+    getLogWriter().info("testDisallowPutsGets: Using accessor: " + accessor);
+
+    // Check that we indeed can obtain valid credentials not allowed to do gets
+    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
+    Properties createJavaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testDisallowPutsGets: For first client credentials: " + createCredentials);
+
+    Properties getCredentials = gen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 2);
+    Properties getJavaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testDisallowPutsGets: For second client disallowed GET credentials: " + getCredentials);
+
+    // Start servers with all required properties
+    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
+
+    int port1 = createServer1(javaProps, serverProps);
+    int port2 = createServer2(javaProps, serverProps);
+
+    createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
+
+    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
+
+    // Gets as normal user should throw exception
+    client2.invoke(() -> doGets(2, NOTAUTHZ_EXCEPTION));
+
+    // Try to connect client2 with reader credentials
+    getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 5);
+    getJavaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testDisallowPutsGets: For second client with GET credentials: " + getCredentials);
+
+    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
+
+    // Verify that the gets succeed
+    client2.invoke(() -> doGets(2, NO_EXCEPTION));
+
+    // Verify that the puts throw exception
+    client2.invoke(() -> doNPuts(2, NOTAUTHZ_EXCEPTION));
+  }
+
+  @Test
+  public void testInvalidAccessor() {
+    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+    CredentialGenerator cGen = gen.getCredentialGenerator();
+    Properties extraAuthProps = cGen.getSystemProperties();
+    Properties javaProps = cGen.getJavaProperties();
+    Properties extraAuthzProps = gen.getSystemProperties();
+    String authenticator = cGen.getAuthenticator();
+    String authInit = cGen.getAuthInit();
+    String accessor = gen.getAuthorizationCallback();
+
+    getLogWriter().info("testInvalidAccessor: Using authinit: " + authInit);
+    getLogWriter().info("testInvalidAccessor: Using authenticator: " + authenticator);
+
+    // Start server1 with invalid accessor
+    Properties serverProps = buildProperties(authenticator, "com.gemstone.none", false, extraAuthProps, extraAuthzProps);
+
+    int port1 = createServer1(javaProps, serverProps);
+    int port2 = getRandomAvailablePort(SOCKET);
+
+    // Client creation should throw exceptions
+    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 3);
+    Properties createJavaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testInvalidAccessor: For first client CREATE credentials: " + createCredentials);
+
+    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 7);
+    Properties getJavaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testInvalidAccessor: For second client GET credentials: " + getCredentials);
+
+    client1.invoke(() -> ClientAuthenticationTestUtils.createCacheClient( authInit, createCredentials, createJavaProps, port1, port2, 0, false, false, NO_EXCEPTION));
+    client1.invoke(() -> doPuts(1, AUTHFAIL_EXCEPTION));
+
+    client2.invoke(() -> ClientAuthenticationTestUtils.createCacheClient( authInit, getCredentials, getJavaProps, port1, port2, 0, false, false, NO_EXCEPTION));
+    client2.invoke(() -> doPuts(1, AUTHFAIL_EXCEPTION));
+
+    // Now start server2 that has valid accessor
+    getLogWriter().info("testInvalidAccessor: Using accessor: " + accessor);
+    serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
+    createServer2(javaProps, serverProps, port2);
+    server1.invoke(() -> closeCache());
+
+    createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
+    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
+
+    // Now perform some put operations from client1
+    client1.invoke(() -> doPuts(4, NO_EXCEPTION));
+
+    // Verify that the gets succeed
+    client2.invoke(() -> doGets(4, NO_EXCEPTION));
+  }
+
+  @Test
+  public void testPutsGetsWithFailover() {
+    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+    CredentialGenerator cGen = gen.getCredentialGenerator();
+    Properties extraAuthProps = cGen.getSystemProperties();
+    Properties javaProps = cGen.getJavaProperties();
+    Properties extraAuthzProps = gen.getSystemProperties();
+    String authenticator = cGen.getAuthenticator();
+    String authInit = cGen.getAuthInit();
+    String accessor = gen.getAuthorizationCallback();
+
+    getLogWriter().info("testPutsGetsWithFailover: Using authinit: " + authInit);
+    getLogWriter().info("testPutsGetsWithFailover: Using authenticator: " + authenticator);
+    getLogWriter().info("testPutsGetsWithFailover: Using accessor: " + accessor);
+
+    // Start servers with all required properties
+    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
+
+    int port1 = createServer1(javaProps, serverProps);
+
+    // Get a port for second server but do not start it. This forces the clients to connect to the first server
+    int port2 = getRandomAvailablePort(SOCKET);
+
+    // Start client1 with valid CREATE credentials
+    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
+    Properties createJavaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testPutsGetsWithFailover: For first client credentials: " + createCredentials);
+
+    createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
+
+    // Start client2 with valid GET credentials
+    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 5);
+    Properties getJavaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testPutsGetsWithFailover: For second client credentials: " + getCredentials);
+
+    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
+
+    // Verify that the puts succeeded
+    client2.invoke(() -> doGets(2, NO_EXCEPTION));
+
+    createServer2(javaProps, serverProps, port2);
+    server1.invoke(() -> closeCache());
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doNPuts(4, NO_EXCEPTION));
+
+    // Verify that the puts succeeded
+    client2.invoke(() -> doNGets(4, NO_EXCEPTION));
+
+    // Now re-connect with credentials not allowed to do gets
+    Properties noGetCredentials = gen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 9);
+    getJavaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testPutsGetsWithFailover: For second client disallowed GET credentials: " + noGetCredentials);
+
+    createClient2NoException(getJavaProps, authInit, port1, port2, noGetCredentials);
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doPuts(4, NO_EXCEPTION));
+
+    // Gets as normal user should throw exception
+    client2.invoke(() -> doGets(4, NOTAUTHZ_EXCEPTION));
+
+    // force a failover and do the drill again
+    server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer( getLocatorPort(), port1, serverProps, javaProps ));
+    server2.invoke(() -> closeCache());
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doNPuts(4, NO_EXCEPTION));
+
+    // Gets as normal user should throw exception
+    client2.invoke(() -> doNGets(4, NOTAUTHZ_EXCEPTION));
+
+    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
+
+    // Verify that the gets succeed
+    client2.invoke(() -> doNGets(4, NO_EXCEPTION));
+
+    // Verify that the puts throw exception
+    client2.invoke(() -> doPuts(4, NOTAUTHZ_EXCEPTION));
+  }
+
+  @Test
+  public void testUnregisterInterestWithFailover() throws InterruptedException {
+    OperationWithAction[] unregisterOps = unregisterOpsForTestUnregisterInterestWithFailover();
+
+    AuthzCredentialGenerator gen = new XmlAuthzCredentialGenerator();
+    CredentialGenerator cGen = new DummyCredentialGenerator();
+    cGen.init();
+    gen.init(cGen);
+    Properties extraAuthProps = cGen.getSystemProperties();
+    Properties javaProps = cGen.getJavaProperties();
+    Properties extraAuthzProps = gen.getSystemProperties();
+    String authenticator = cGen.getAuthenticator();
+    String authInit = cGen.getAuthInit();
+    String accessor = gen.getAuthorizationCallback();
+
+    getLogWriter().info("testAllOpsWithFailover: Using authinit: " + authInit);
+    getLogWriter().info("testAllOpsWithFailover: Using authenticator: " + authenticator);
+    getLogWriter().info("testAllOpsWithFailover: Using accessor: " + accessor);
+
+    // Start servers with all required properties
+    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
+
+    // Get ports for the servers
+    int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(2);
+    int port1 = randomAvailableTCPPorts[0];
+    int port2 = randomAvailableTCPPorts[1];
+
+    // Perform all the ops on the clients
+    List opBlock = new ArrayList();
+    for (int opNum = 0; opNum < unregisterOps.length; ++opNum) {
+
+      // Start client with valid credentials as specified in OperationWithAction
+      OperationWithAction currentOp = unregisterOps[opNum];
+      if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+
+        // End of current operation block; execute all the operations on the servers with/without failover
+        if (opBlock.size() > 0) {
+          // Start the first server and execute the operation block
+          server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port1, serverProps, javaProps));
+          server2.invoke(() -> closeCache());
+
+          executeRIOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, javaProps);
+
+          if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+            createServer2(javaProps, serverProps, port2);
+            server1.invoke(() -> closeCache());
+
+            executeRIOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, javaProps);
+          }
+          opBlock.clear();
+        }
+
+      } else {
+        currentOp.setOpNum(opNum);
+        opBlock.add(currentOp);
+      }
+    }
+  }
+
+  @Test
+  public void testAllOpsWithFailover() throws InterruptedException {
+    addIgnoredException("Read timed out");
+    runOpsWithFailOver(allOpsForAllOpsWithFailover(), "testAllOpsWithFailover");
+  }
+
+  private OperationWithAction[] unregisterOpsForTestUnregisterInterestWithFailover() {
+    return new OperationWithAction[] {
+        // Register interest in all KEYS using one key at a time
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, 3, OpFlags.NONE, 4),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, 2),
+        // UPDATE and test with GET
+        new OperationWithAction(OperationCode.PUT),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
+
+        // Unregister interest in all KEYS using one key at a time
+        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_OLDCONN | OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, OpFlags.USE_OLDCONN, 4),
+        // UPDATE and test with GET for no updates
+        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
+
+        OperationWithAction.OPBLOCK_END,
+
+        // Register interest in all KEYS using list
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_LIST, 4),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, 1, OpFlags.USE_LIST, 4),
+        // UPDATE and test with GET
+        new OperationWithAction(OperationCode.PUT, 2),
+        new OperationWithAction(OperationCode.GET, 1, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
+
+        // Unregister interest in all KEYS using list
+        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_OLDCONN | OpFlags.USE_LIST | OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 1, OpFlags.USE_OLDCONN | OpFlags.USE_LIST, 4),
+        // UPDATE and test with GET for no updates
+        new OperationWithAction(OperationCode.PUT, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
+        new OperationWithAction(OperationCode.GET, 1, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
+
+        OperationWithAction.OPBLOCK_END,
+
+        // Register interest in all KEYS using regular expression
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_REGEX, 4),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, 2, OpFlags.USE_REGEX, 4),
+        // UPDATE and test with GET
+        new OperationWithAction(OperationCode.PUT),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
+
+        // Unregister interest in all KEYS using regular expression
+        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_OLDCONN | OpFlags.USE_REGEX | OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, OpFlags.USE_OLDCONN | OpFlags.USE_REGEX, 4),
+        // UPDATE and test with GET for no updates
+        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
+
+        OperationWithAction.OPBLOCK_END
+    };
+  }
+
+  private OperationWithAction[] allOpsForAllOpsWithFailover() {
+    return new OperationWithAction[] {
+        // Test CREATE and verify with a GET
+        new OperationWithAction(OperationCode.PUT, 3, OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.PUT),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.CHECK_NOKEY | OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.CHECK_NOKEY, 4),
+
+        // OPBLOCK_END indicates end of an operation block; the above block of three operations will be first executed on server1 and then on server2 after failover
+        OperationWithAction.OPBLOCK_END,
+
+        // Test PUTALL and verify with GETs
+        new OperationWithAction(OperationCode.PUTALL, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.PUTALL, 1, OpFlags.USE_NEWVAL, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
+        OperationWithAction.OPBLOCK_END,
+
+        // Test UPDATE and verify with a GET
+        new OperationWithAction(OperationCode.PUT, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_NEWVAL, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
+
+        OperationWithAction.OPBLOCK_END,
+
+        // Test DESTROY and verify with a GET and that key should not exist
+        new OperationWithAction(OperationCode.DESTROY, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.DESTROY),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.CHECK_FAIL, 4), // bruce: added check_nokey because we now bring tombstones to the client in 8.0
+        // Repopulate the region
+        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_NEWVAL, 4),
+
+        OperationWithAction.OPBLOCK_END,
+
+        // Check CONTAINS_KEY
+        new OperationWithAction(OperationCode.CONTAINS_KEY, 3, OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.CONTAINS_KEY),
+        // Destroy the KEYS and check for failure in CONTAINS_KEY
+        new OperationWithAction(OperationCode.DESTROY, 2),
+        new OperationWithAction(OperationCode.CONTAINS_KEY, 3, OpFlags.CHECK_FAIL | OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.CONTAINS_KEY, 1, OpFlags.USE_OLDCONN | OpFlags.CHECK_FAIL, 4),
+        // Repopulate the region
+        new OperationWithAction(OperationCode.PUT),
+
+        OperationWithAction.OPBLOCK_END,
+
+        // Check KEY_SET
+        new OperationWithAction(OperationCode.KEY_SET, 3, OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.KEY_SET, 2),
+
+        OperationWithAction.OPBLOCK_END,
+
+        // Check QUERY
+        new OperationWithAction(OperationCode.QUERY, 3, OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.QUERY),
+
+        OperationWithAction.OPBLOCK_END,
+
+        // Register interest in all KEYS using one key at a time
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, 3, OpFlags.CHECK_NOTAUTHZ, 4),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, 2),
+        // UPDATE and test with GET
+        new OperationWithAction(OperationCode.PUT),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
+
+        // Unregister interest in all KEYS using one key at a time
+        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, OpFlags.USE_OLDCONN, 4),
+        // UPDATE and test with GET for no updates
+        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
+
+        OperationWithAction.OPBLOCK_END,
+
+        // Test GET_ENTRY inside a TX, see #49951
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_GET_ENTRY_IN_TX | OpFlags.CHECK_FAIL, 4),
+
+        OperationWithAction.OPBLOCK_END };
+  }
+
+  private Properties getUserPassword(final String userName) {
+    Properties props = new Properties();
+    props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
+    props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
+    return props;
+  }
+
+  private void executeRIOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final Properties javaProps) throws InterruptedException {
+    for (Iterator opIter = opBlock.iterator(); opIter.hasNext();) {
+      // Start client with valid credentials as specified in OperationWithAction
+      OperationWithAction currentOp = (OperationWithAction)opIter.next();
+      OperationCode opCode = currentOp.getOperationCode();
+      int opFlags = currentOp.getFlags();
+      int clientNum = currentOp.getClientNum();
+      VM clientVM = null;
+      boolean useThisVM = false;
+
+      switch (clientNum) {
+        case 1:
+          clientVM = client1;
+          break;
+        case 2:
+          clientVM = client2;
+          break;
+        case 3:
+          useThisVM = true;
+          break;
+        default:
+          fail("executeRIOpBlock: Unknown client number " + clientNum);
+          break;
+      }
+
+      getLogWriter().info( "executeRIOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);
+      if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
+        Properties opCredentials = null;
+        String currentRegionName = '/' + regionName;
+        if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
+          currentRegionName += ('/' + SUBREGION_NAME);
+        }
+        String credentialsTypeStr;
+        OperationCode authOpCode = currentOp.getAuthzOperationCode();
+
+        if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0 || !authOpCode.equals(opCode)) {
+          credentialsTypeStr = " unauthorized " + authOpCode;
+          if (authOpCode.isRegisterInterest()) {
+            opCredentials = getUserPassword("reader7");
+          } else if (authOpCode.isUnregisterInterest()) {
+            opCredentials = getUserPassword("reader6");
+          } else {
+            fail("executeRIOpBlock: cannot determine credentials for" + credentialsTypeStr);
+          }
+
+        } else {
+          credentialsTypeStr = " authorized " + authOpCode;
+          if (authOpCode.isRegisterInterest() || authOpCode.isUnregisterInterest()) {
+            opCredentials = getUserPassword("reader5");
+          } else if (authOpCode.isPut()) {
+            opCredentials = getUserPassword("writer1");
+          } else if (authOpCode.isGet()) {
+            opCredentials = getUserPassword("reader1");
+          } else {
+            fail("executeRIOpBlock: cannot determine credentials for" + credentialsTypeStr);
+          }
+        }
+
+        Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
+
+        // Start the client with valid credentials but allowed or disallowed to perform an operation
+        getLogWriter().info("executeRIOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
+        if (useThisVM) {
+          createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, false, NO_EXCEPTION);
+        } else {
+          clientVM.invoke(() -> createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, false, NO_EXCEPTION));
+        }
+
+      }
+
+      int expectedResult;
+      if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
+        expectedResult = NOTAUTHZ_EXCEPTION;
+      } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
+        expectedResult = OTHER_EXCEPTION;
+      } else {
+        expectedResult = NO_EXCEPTION;
+      }
+
+      // Perform the operation from selected client
+      if (useThisVM) {
+        doOp(opCode, currentOp.getIndices(), opFlags, expectedResult);
+
+      } else {
+        int[] indices = currentOp.getIndices();
+        clientVM.invoke(() -> ClientAuthorizationTestCase.doOp(opCode, indices, opFlags, expectedResult));
+      }
+    }
+  }
+
+  private void createClient2NoException(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties getCredentials) {
+    client2.invoke(() -> ClientAuthenticationTestUtils.createCacheClient(authInit, getCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
+  }
+
+  private void createClient1NoException(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties createCredentials) {
+    client1.invoke(() -> ClientAuthenticationTestUtils.createCacheClient(authInit, createCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
+  }
+
+  private int createServer2(final Properties javaProps, final Properties serverProps) {
+    return server2.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), serverProps, javaProps));
+  }
+
+  private int createServer1(final Properties javaProps, final Properties serverProps) {
+    return server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), serverProps, javaProps));
+  }
+
+  private void createServer2(Properties javaProps, Properties serverProps, int port2) {
+    server2.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port2, serverProps, javaProps));
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationTestCase.java b/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationTestCase.java
new file mode 100644
index 0000000..c222e6c
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationTestCase.java
@@ -0,0 +1,1325 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.internal.AvailablePort.*;
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static com.gemstone.gemfire.test.dunit.Assert.*;
+import static com.gemstone.gemfire.test.dunit.Host.*;
+import static com.gemstone.gemfire.test.dunit.Wait.*;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Random;
+import java.util.Set;
+import java.util.concurrent.Callable;
+
+import com.gemstone.gemfire.cache.DynamicRegionFactory;
+import com.gemstone.gemfire.cache.InterestResultPolicy;
+import com.gemstone.gemfire.cache.Operation;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.Region.Entry;
+import com.gemstone.gemfire.cache.RegionDestroyedException;
+import com.gemstone.gemfire.cache.client.ServerConnectivityException;
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.cache.query.CqAttributes;
+import com.gemstone.gemfire.cache.query.CqAttributesFactory;
+import com.gemstone.gemfire.cache.query.CqEvent;
+import com.gemstone.gemfire.cache.query.CqException;
+import com.gemstone.gemfire.cache.query.CqListener;
+import com.gemstone.gemfire.cache.query.CqQuery;
+import com.gemstone.gemfire.cache.query.QueryInvocationTargetException;
+import com.gemstone.gemfire.cache.query.QueryService;
+import com.gemstone.gemfire.cache.query.SelectResults;
+import com.gemstone.gemfire.cache.query.Struct;
+import com.gemstone.gemfire.internal.AvailablePort.*;
+import com.gemstone.gemfire.internal.AvailablePortHelper;
+import com.gemstone.gemfire.internal.cache.AbstractRegionEntry;
+import com.gemstone.gemfire.internal.cache.LocalRegion;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator.ClassCode;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
+import com.gemstone.gemfire.security.generator.XmlAuthzCredentialGenerator;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.WaitCriterion;
+import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
+
+/**
+ * Base class for tests for authorization from client to server. It contains
+ * utility functions for the authorization tests from client to server.
+ *
+ * @since GemFire 5.5
+ */
+public abstract class ClientAuthorizationTestCase extends JUnit4DistributedTestCase {
+
+  private static final int PAUSE = 5 * 1000;
+
+  protected static VM server1 = null;
+  protected static VM server2 = null;
+  protected static VM client1 = null;
+  protected static VM client2 = null;
+
+  protected static final String regionName = REGION_NAME; // TODO: remove
+  protected static final String SUBREGION_NAME = "AuthSubregion";
+
+  private static final String[] serverIgnoredExceptions = {
+      "Connection refused",
+      AuthenticationRequiredException.class.getName(),
+      AuthenticationFailedException.class.getName(),
+      NotAuthorizedException.class.getName(),
+      GemFireSecurityException.class.getName(),
+      RegionDestroyedException.class.getName(),
+      ClassNotFoundException.class.getName()
+  };
+
+  private static final String[] clientIgnoredExceptions = {
+      AuthenticationFailedException.class.getName(),
+      NotAuthorizedException.class.getName(),
+      RegionDestroyedException.class.getName()
+  };
+
+  @Override
+  public final void preSetUp() throws Exception {
+  }
+
+  @Override
+  public final void postSetUp() throws Exception {
+    preSetUpClientAuthorizationTestBase();
+    setUpClientAuthorizationTestBase();
+    postSetUpClientAuthorizationTestBase();
+  }
+
+  private final void setUpClientAuthorizationTestBase() throws Exception {
+    server1 = getHost(0).getVM(0);
+    server2 = getHost(0).getVM(1);
+    client1 = getHost(0).getVM(2);
+    client2 = getHost(0).getVM(3);
+    setUpIgnoredExceptions();
+  }
+
+  private final void setUpIgnoredExceptions() {
+    Set<String> serverExceptions = new HashSet<>();
+    serverExceptions.addAll(Arrays.asList(serverIgnoredExceptions()));
+    if (serverExceptions.isEmpty()) {
+      serverExceptions.addAll(Arrays.asList(serverIgnoredExceptions));
+    }
+
+    String[] serverExceptionsArray = serverExceptions.toArray(new String[serverExceptions.size()]);
+    server1.invoke(() -> registerExpectedExceptions(serverExceptionsArray));
+    server2.invoke(() -> registerExpectedExceptions(serverExceptionsArray));
+
+    Set<String> clientExceptions = new HashSet<>();
+    clientExceptions.addAll(Arrays.asList(clientIgnoredExceptions()));
+    if (clientExceptions.isEmpty()) {
+      clientExceptions.addAll(Arrays.asList(clientIgnoredExceptions));
+    }
+
+    String[] clientExceptionsArray = serverExceptions.toArray(new String[clientExceptions.size()]);
+    client2.invoke(() -> registerExpectedExceptions(clientExceptionsArray));
+    registerExpectedExceptions(clientExceptionsArray);
+  }
+
+  protected String[] serverIgnoredExceptions() {
+    return new String[]{};
+  }
+
+  protected String[] clientIgnoredExceptions() {
+    return new String[]{};
+  }
+
+  protected void preSetUpClientAuthorizationTestBase() throws Exception {
+  }
+
+  protected void postSetUpClientAuthorizationTestBase() throws Exception {
+  }
+
+  @Override
+  public final void preTearDown() throws Exception {
+    preTearDownClientAuthorizationTestBase();
+    tearDownClientAuthorizationTestBase();
+    postTearDownClientAuthorizationTestBase();
+  }
+
+  @Override
+  public final void postTearDown() throws Exception {
+  }
+
+  private final void tearDownClientAuthorizationTestBase() throws Exception {
+    // close the clients first
+    client1.invoke(() -> closeCache());
+    client2.invoke(() -> closeCache());
+    // then close the servers
+    server1.invoke(() -> closeCache());
+    server2.invoke(() -> closeCache());
+  }
+
+  protected void preTearDownClientAuthorizationTestBase() throws Exception {
+  }
+
+  protected void postTearDownClientAuthorizationTestBase() throws Exception {
+  }
+
+  protected static Properties buildProperties(final String authenticator, final String accessor, final boolean isAccessorPP, final Properties extraAuthProps, final Properties extraAuthzProps) {
+    Properties authProps = new Properties();
+    if (authenticator != null) {
+      authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR, authenticator);
+    }
+    if (accessor != null) {
+      if (isAccessorPP) {
+        authProps.setProperty(SECURITY_CLIENT_ACCESSOR_PP, accessor);
+      } else {
+        authProps.setProperty(SECURITY_CLIENT_ACCESSOR, accessor);
+      }
+    }
+    return concatProperties(new Properties[] { authProps, extraAuthProps, extraAuthzProps });
+  }
+
+  protected static Integer createCacheServer(int locatorPort, final Properties authProps, final Properties javaProps) {
+    if (locatorPort == 0) {
+      locatorPort = getRandomAvailablePort(SOCKET);
+    }
+    return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, null, 0, true, NO_EXCEPTION);
+  }
+
+  protected static int createCacheServer(int locatorPort, final int serverPort, final Properties authProps, final Properties javaProps) {
+    if (locatorPort == 0) {
+      locatorPort = getRandomAvailablePort(SOCKET);
+    }
+    return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, null, serverPort, true, NO_EXCEPTION);
+  }
+
+  protected static Region getRegion() {
+    return getCache().getRegion(regionName);
+  }
+
+  protected static Region getSubregion() {
+    return getCache().getRegion(regionName + '/' + SUBREGION_NAME);
+  }
+
+  private static Region createSubregion(final Region region) {
+    Region subregion = getSubregion();
+    if (subregion == null) {
+      subregion = region.createSubregion(SUBREGION_NAME, region.getAttributes());
+    }
+    return subregion;
+  }
+
+  protected static String indicesToString(final int[] indices) {
+    String str = "";
+    if (indices != null && indices.length > 0) {
+      str += indices[0];
+      for (int index = 1; index < indices.length; ++index) {
+        str += ",";
+        str += indices[index];
+      }
+    }
+    return str;
+  }
+
+  protected static void doOp(OperationCode op, final int[] indices, final int flagsI, final int expectedResult) throws InterruptedException {
+    boolean operationOmitted = false;
+    final int flags = flagsI;
+    Region region = getRegion();
+
+    if ((flags & OpFlags.USE_SUBREGION) > 0) {
+      assertNotNull(region);
+      Region subregion = null;
+
+      if ((flags & OpFlags.NO_CREATE_SUBREGION) > 0) {
+        if ((flags & OpFlags.CHECK_NOREGION) > 0) {
+          // Wait for some time for DRF update to come
+          waitForCondition(() -> getSubregion() == null);
+          subregion = getSubregion();
+          assertNull(subregion);
+          return;
+
+        } else {
+          // Wait for some time for DRF update to come
+          waitForCondition(() -> getSubregion() != null);
+          subregion = getSubregion();
+          assertNotNull(subregion);
+        }
+
+      } else {
+        subregion = createSubregion(region);
+      }
+
+      assertNotNull(subregion);
+      region = subregion;
+
+    } else if ((flags & OpFlags.CHECK_NOREGION) > 0) {
+      // Wait for some time for region destroy update to come
+      waitForCondition(() -> getRegion() == null);
+      region = getRegion();
+      assertNull(region);
+      return;
+
+    } else {
+      assertNotNull(region);
+    }
+
+    final String[] keys = KEYS;
+    final String[] vals;
+    if ((flags & OpFlags.USE_NEWVAL) > 0) {
+      vals = NVALUES;
+    }
+    else {
+      vals = VALUES;
+    }
+
+    InterestResultPolicy policy = InterestResultPolicy.KEYS_VALUES;
+    if ((flags & OpFlags.REGISTER_POLICY_NONE) > 0) {
+      policy = InterestResultPolicy.NONE;
+    }
+
+    final int numOps = indices.length;
+    System.out.println("Got doOp for op: " + op.toString() + ", numOps: " + numOps + ", indices: " + indicesToString(indices) + ", expect: " + expectedResult);
+    boolean exceptionOccured = false;
+    boolean breakLoop = false;
+
+    if (op.isGet() || op.isContainsKey() || op.isKeySet() || op.isQuery() || op.isExecuteCQ()) {
+      Thread.sleep(PAUSE);
+    }
+
+    for (int indexIndex = 0; indexIndex < numOps; ++indexIndex) {
+      if (breakLoop) {
+        break;
+      }
+      int index = indices[indexIndex];
+
+      try {
+        final Object key = keys[index];
+        final Object expectedVal = vals[index];
+
+        if (op.isGet()) {
+          Object value = null;
+          // this is the case for testing GET_ALL
+          if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
+            breakLoop = true;
+            List keyList = new ArrayList(numOps);
+            Object searchKey;
+
+            for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+              int keyNum = indices[keyNumIndex];
+              searchKey = keys[keyNum];
+              keyList.add(searchKey);
+
+              // local invalidate some KEYS to force fetch of those KEYS from server
+              if ((flags & OpFlags.CHECK_NOKEY) > 0) {
+                AbstractRegionEntry entry = (AbstractRegionEntry)((LocalRegion)region).getRegionEntry(searchKey);
+                System.out.println(""+keyNum+": key is " + searchKey + " and entry is " + entry);
+                assertFalse(region.containsKey(searchKey));
+              } else {
+                if (keyNumIndex % 2 == 1) {
+                  assertTrue(region.containsKey(searchKey));
+                  region.localInvalidate(searchKey);
+                }
+              }
+            }
+
+            Map entries = region.getAll(keyList);
+
+            for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+              int keyNum = indices[keyNumIndex];
+              searchKey = keys[keyNum];
+              if ((flags & OpFlags.CHECK_FAIL) > 0) {
+                assertFalse(entries.containsKey(searchKey));
+              } else {
+                assertTrue(entries.containsKey(searchKey));
+                value = entries.get(searchKey);
+                assertEquals(vals[keyNum], value);
+              }
+            }
+
+            break;
+          }
+
+          if ((flags & OpFlags.LOCAL_OP) > 0) {
+            Callable<Boolean> condition = new Callable<Boolean>() {
+              private Region region;
+
+              @Override
+              public Boolean call() throws Exception {
+                Object value = getLocalValue(region, key);
+                return (flags & OpFlags.CHECK_FAIL) > 0 ? !expectedVal.equals(value) : expectedVal.equals(value);
+              }
+
+              public Callable<Boolean> init(Region region) {
+                this.region = region;
+                return this;
+              }
+            }.init(region);
+            waitForCondition(condition);
+
+            value = getLocalValue(region, key);
+
+          } else if ((flags & OpFlags.USE_GET_ENTRY_IN_TX) > 0) {
+            getCache().getCacheTransactionManager().begin();
+            Entry e = region.getEntry(key);
+
+            // Also, check getAll()
+            ArrayList a = new ArrayList();
+            a.addAll(a);
+            region.getAll(a);
+
+            getCache().getCacheTransactionManager().commit();
+            value = e.getValue();
+
+          } else {
+            if ((flags & OpFlags.CHECK_NOKEY) > 0) {
+              assertFalse(region.containsKey(key));
+            } else {
+              assertTrue(region.containsKey(key) || ((LocalRegion)region).getRegionEntry(key).isTombstone());
+              region.localInvalidate(key);
+            }
+            value = region.get(key);
+          }
+
+          if ((flags & OpFlags.CHECK_FAIL) > 0) {
+            assertFalse(expectedVal.equals(value));
+          } else {
+            assertNotNull(value);
+            assertEquals(expectedVal, value);
+          }
+
+        } else if (op.isPut()) {
+          region.put(key, expectedVal);
+
+        } else if (op.isPutAll()) {
+          HashMap map = new HashMap();
+          for (int i=0; i<indices.length; i++) {
+            map.put(keys[indices[i]], vals[indices[i]]);
+          }
+          region.putAll(map);
+          breakLoop = true;
+
+        } else if (op.isDestroy()) {
+          // if (!region.containsKey(key)) {
+          // // Since DESTROY will fail unless the value is present
+          // // in the local cache, this is a workaround for two cases:
+          // // 1. When the operation is supposed to succeed then in
+          // // the current AuthzCredentialGenerators the clients having
+          // // DESTROY permission also has CREATE/UPDATE permission
+          // // so that calling region.put() will work for that case.
+          // // 2. When the operation is supposed to fail with
+          // // NotAuthorizedException then in the current
+          // // AuthzCredentialGenerators the clients not
+          // // having DESTROY permission are those with reader role that have
+          // // GET permission.
+          // //
+          // // If either of these assumptions fails, then this has to be
+          // // adjusted or reworked accordingly.
+          // if ((flags & OpFlags.CHECK_NOTAUTHZ) > 0) {
+          // Object value = region.get(key);
+          // assertNotNull(value);
+          // assertIndexDetailsEquals(vals[index], value);
+          // }
+          // else {
+          // region.put(key, vals[index]);
+          // }
+          // }
+          if ((flags & OpFlags.LOCAL_OP) > 0) {
+            region.localDestroy(key);
+          }
+          else {
+            region.destroy(key);
+          }
+
+        } else if (op.isInvalidate()) {
+          if (region.containsKey(key)) {
+            if ((flags & OpFlags.LOCAL_OP) > 0) {
+              region.localInvalidate(key);
+            } else {
+              region.invalidate(key);
+            }
+          }
+
+        } else if (op.isContainsKey()) {
+          boolean result;
+          if ((flags & OpFlags.LOCAL_OP) > 0) {
+            result = region.containsKey(key);
+          } else {
+            result = region.containsKeyOnServer(key);
+          }
+          if ((flags & OpFlags.CHECK_FAIL) > 0) {
+            assertFalse(result);
+          } else {
+            assertTrue(result);
+          }
+
+        } else if (op.isRegisterInterest()) {
+          if ((flags & OpFlags.USE_LIST) > 0) {
+            breakLoop = true;
+            // Register interest list in this case
+            List keyList = new ArrayList(numOps);
+            for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+              int keyNum = indices[keyNumIndex];
+              keyList.add(keys[keyNum]);
+            }
+            region.registerInterest(keyList, policy);
+
+          } else if ((flags & OpFlags.USE_REGEX) > 0) {
+            breakLoop = true;
+            region.registerInterestRegex("key[1-" + numOps + ']', policy);
+
+          } else if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
+            breakLoop = true;
+            region.registerInterest("ALL_KEYS", policy);
+
+          } else {
+            region.registerInterest(key, policy);
+          }
+
+        } else if (op.isUnregisterInterest()) {
+          if ((flags & OpFlags.USE_LIST) > 0) {
+            breakLoop = true;
+            // Register interest list in this case
+            List keyList = new ArrayList(numOps);
+            for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+              int keyNum = indices[keyNumIndex];
+              keyList.add(keys[keyNum]);
+            }
+            region.unregisterInterest(keyList);
+
+          } else if ((flags & OpFlags.USE_REGEX) > 0) {
+            breakLoop = true;
+            region.unregisterInterestRegex("key[1-" + numOps + ']');
+
+          } else if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
+            breakLoop = true;
+            region.unregisterInterest("ALL_KEYS");
+
+          } else {
+            region.unregisterInterest(key);
+          }
+
+        } else if (op.isKeySet()) {
+          breakLoop = true;
+          Set keySet;
+          if ((flags & OpFlags.LOCAL_OP) > 0) {
+            keySet = region.keySet();
+          } else {
+            keySet = region.keySetOnServer();
+          }
+
+          assertNotNull(keySet);
+          if ((flags & OpFlags.CHECK_FAIL) == 0) {
+            assertEquals(numOps, keySet.size());
+          }
+          for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+            int keyNum = indices[keyNumIndex];
+            if ((flags & OpFlags.CHECK_FAIL) > 0) {
+              assertFalse(keySet.contains(keys[keyNum]));
+            } else {
+              assertTrue(keySet.contains(keys[keyNum]));
+            }
+          }
+
+        } else if (op.isQuery()) {
+          breakLoop = true;
+          SelectResults queryResults = region.query("SELECT DISTINCT * FROM " + region.getFullPath());
+          assertNotNull(queryResults);
+          Set queryResultSet = queryResults.asSet();
+          if ((flags & OpFlags.CHECK_FAIL) == 0) {
+            assertEquals(numOps, queryResultSet.size());
+          }
+          for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+            int keyNum = indices[keyNumIndex];
+            if ((flags & OpFlags.CHECK_FAIL) > 0) {
+              assertFalse(queryResultSet.contains(vals[keyNum]));
+            } else {
+              assertTrue(queryResultSet.contains(vals[keyNum]));
+            }
+          }
+
+        } else if (op.isExecuteCQ()) {
+          breakLoop = true;
+          QueryService queryService = getCache().getQueryService();
+          CqQuery cqQuery;
+          if ((cqQuery = queryService.getCq("cq1")) == null) {
+            CqAttributesFactory cqFact = new CqAttributesFactory();
+            cqFact.addCqListener(new AuthzCqListener());
+            CqAttributes cqAttrs = cqFact.create();
+            cqQuery = queryService.newCq("cq1", "SELECT * FROM " + region.getFullPath(), cqAttrs);
+          }
+
+          if ((flags & OpFlags.LOCAL_OP) > 0) {
+            // Interpret this as testing results using CqListener
+            final AuthzCqListener listener = (AuthzCqListener)cqQuery.getCqAttributes().getCqListener();
+            WaitCriterion ev = new WaitCriterion() {
+              @Override
+              public boolean done() {
+                if ((flags & OpFlags.CHECK_FAIL) > 0) {
+                  return 0 == listener.getNumUpdates();
+                } else {
+                  return numOps == listener.getNumUpdates();
+                }
+              }
+              @Override
+              public String description() {
+                return null;
+              }
+            };
+            waitForCriterion(ev, 3 * 1000, 200, true);
+
+            if ((flags & OpFlags.CHECK_FAIL) > 0) {
+              assertEquals(0, listener.getNumUpdates());
+            } else {
+              assertEquals(numOps, listener.getNumUpdates());
+              listener.checkPuts(vals, indices);
+            }
+
+            assertEquals(0, listener.getNumCreates());
+            assertEquals(0, listener.getNumDestroys());
+            assertEquals(0, listener.getNumOtherOps());
+            assertEquals(0, listener.getNumErrors());
+
+          } else {
+            SelectResults cqResults = cqQuery.executeWithInitialResults();
+            assertNotNull(cqResults);
+            Set cqResultValues = new HashSet();
+            for (Object o : cqResults.asList()) {
+              Struct s = (Struct)o;
+              cqResultValues.add(s.get("value"));
+            }
+
+            Set cqResultSet = cqResults.asSet();
+            if ((flags & OpFlags.CHECK_FAIL) == 0) {
+              assertEquals(numOps, cqResultSet.size());
+            }
+
+            for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+              int keyNum = indices[keyNumIndex];
+              if ((flags & OpFlags.CHECK_FAIL) > 0) {
+                assertFalse(cqResultValues.contains(vals[keyNum]));
+              } else {
+                assertTrue(cqResultValues.contains(vals[keyNum]));
+              }
+            }
+          }
+
+        } else if (op.isStopCQ()) {
+          breakLoop = true;
+          CqQuery cqQuery = getCache().getQueryService().getCq("cq1");
+          ((AuthzCqListener)cqQuery.getCqAttributes().getCqListener()).reset();
+          cqQuery.stop();
+
+        } else if (op.isCloseCQ()) {
+          breakLoop = true;
+          CqQuery cqQuery = getCache().getQueryService().getCq("cq1");
+          ((AuthzCqListener)cqQuery.getCqAttributes().getCqListener()).reset();
+          cqQuery.close();
+
+        } else if (op.isRegionClear()) {
+          breakLoop = true;
+          if ((flags & OpFlags.LOCAL_OP) > 0) {
+            region.localClear();
+          } else {
+            region.clear();
+          }
+
+        } else if (op.isRegionCreate()) {
+          breakLoop = true;
+          // Region subregion = createSubregion(region);
+          // subregion.createRegionOnServer();
+          // Create region on server using the DynamicRegionFactory
+          // Assume it has been already initialized
+          DynamicRegionFactory drf = DynamicRegionFactory.get();
+          Region subregion = drf.createDynamicRegion(regionName, SUBREGION_NAME);
+          assertEquals('/' + regionName + '/' + SUBREGION_NAME, subregion.getFullPath());
+
+        } else if (op.isRegionDestroy()) {
+          breakLoop = true;
+          if ((flags & OpFlags.LOCAL_OP) > 0) {
+            region.localDestroyRegion();
+
+          } else {
+            if ((flags & OpFlags.USE_SUBREGION) > 0) {
+              try {
+                DynamicRegionFactory.get().destroyDynamicRegion(region.getFullPath());
+              } catch (RegionDestroyedException ex) {
+                // harmless to ignore this
+                System.out.println("doOp: sub-region " + region.getFullPath() + " already destroyed");
+                operationOmitted = true;
+              }
+            } else {
+              region.destroyRegion();
+            }
+          }
+
+        } else {
+          fail("doOp: Unhandled operation " + op);
+        }
+
+        if (expectedResult != NO_EXCEPTION) {
+          if (!operationOmitted && !op.isUnregisterInterest()) {
+            fail("Expected an exception while performing operation op =" + op + "flags = " + OpFlags.description(flags));
+          }
+        }
+
+      } catch (Exception ex) {
+        exceptionOccured = true;
+        if ((ex instanceof ServerConnectivityException || ex instanceof QueryInvocationTargetException || ex instanceof CqException)
+            && (expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
+          System.out.println("doOp: Got expected NotAuthorizedException when doing operation [" + op + "] with flags " + OpFlags.description(flags) + ": " + ex.getCause());
+          continue;
+        } else if (expectedResult == OTHER_EXCEPTION) {
+          System.out.println("doOp: Got expected exception when doing operation: " + ex.toString());
+          continue;
+        } else {
+          fail("doOp: Got unexpected exception when doing operation. Policy = " + policy + " flags = " + OpFlags.description(flags), ex);
+        }
+      }
+    }
+    if (!exceptionOccured && !operationOmitted && expectedResult != NO_EXCEPTION) {
+      fail("Expected an exception while performing operation: " + op + " flags = " + OpFlags.description(flags));
+    }
+  }
+
+  protected void executeOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final TestCredentialGenerator credentialGenerator, final Random random) throws InterruptedException {
+    for (Iterator<OperationWithAction> opIter = opBlock.iterator(); opIter.hasNext();) {
+      // Start client with valid credentials as specified in OperationWithAction
+      OperationWithAction currentOp = opIter.next();
+      OperationCode opCode = currentOp.getOperationCode();
+      int opFlags = currentOp.getFlags();
+      int clientNum = currentOp.getClientNum();
+      VM clientVM = null;
+      boolean useThisVM = false;
+
+      switch (clientNum) {
+        case 1:
+          clientVM = client1;
+          break;
+        case 2:
+          clientVM = client2;
+          break;
+        case 3:
+          useThisVM = true;
+          break;
+        default:
+          fail("executeOpBlock: Unknown client number " + clientNum);
+          break;
+      }
+
+      System.out.println("executeOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);
+      if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
+        Properties opCredentials;
+        int newRnd = random.nextInt(100) + 1;
+        String currentRegionName = '/' + regionName;
+        if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
+          currentRegionName += ('/' + SUBREGION_NAME);
+        }
+
+        String credentialsTypeStr;
+        OperationCode authOpCode = currentOp.getAuthzOperationCode();
+        int[] indices = currentOp.getIndices();
+        CredentialGenerator cGen = credentialGenerator.getCredentialGenerator();
+        final Properties javaProps = cGen == null ? null : cGen.getJavaProperties();
+
+        if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0) {
+          opCredentials = credentialGenerator.getDisallowedCredentials(new OperationCode[] { authOpCode }, new String[] { currentRegionName }, indices, newRnd);
+          credentialsTypeStr = " unauthorized " + authOpCode;
+        } else {
+          opCredentials = credentialGenerator.getAllowedCredentials(new OperationCode[] { opCode, authOpCode }, new String[] { currentRegionName }, indices, newRnd);
+          credentialsTypeStr = " authorized " + authOpCode;
+        }
+
+        Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
+        // Start the client with valid credentials but allowed or disallowed to perform an operation
+        System.out.println("executeOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
+        boolean setupDynamicRegionFactory = (opFlags & OpFlags.ENABLE_DRF) > 0;
+
+        if (useThisVM) {
+          SecurityTestUtils.createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION);
+        } else {
+          clientVM.invoke("SecurityTestUtils.createCacheClientWithDynamicRegion",
+              () -> SecurityTestUtils.createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION));
+        }
+      }
+
+      int expectedResult;
+      if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
+        expectedResult = NOTAUTHZ_EXCEPTION;
+      } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
+        expectedResult = OTHER_EXCEPTION;
+      } else {
+        expectedResult = NO_EXCEPTION;
+      }
+
+      // Perform the operation from selected client
+      if (useThisVM) {
+        doOp(opCode, currentOp.getIndices(), new Integer(opFlags), new Integer(expectedResult));
+      } else {
+        int[] indices = currentOp.getIndices();
+        clientVM.invoke("ClientAuthorizationTestCase.doOp",
+            () -> ClientAuthorizationTestCase.doOp( opCode, indices, new Integer(opFlags), new Integer(expectedResult) ));
+      }
+    }
+  }
+
+  protected AuthzCredentialGenerator getXmlAuthzGenerator(){
+    AuthzCredentialGenerator authzGen = new XmlAuthzCredentialGenerator();
+    CredentialGenerator cGen = new DummyCredentialGenerator();
+    cGen.init();
+    authzGen.init(cGen);
+    return authzGen;
+  }
+
+  protected List<AuthzCredentialGenerator> getDummyGeneratorCombos() {
+    List<AuthzCredentialGenerator> generators = new ArrayList<>();
+    Iterator authzCodeIter = AuthzCredentialGenerator.ClassCode.getAll().iterator();
+
+    while (authzCodeIter.hasNext()) {
+      ClassCode authzClassCode = (ClassCode) authzCodeIter.next();
+      AuthzCredentialGenerator authzGen = AuthzCredentialGenerator.create(authzClassCode);
+
+      if (authzGen != null) {
+        CredentialGenerator cGen = new DummyCredentialGenerator();
+        cGen.init();
+        if (authzGen.init(cGen)) {
+          generators.add(authzGen);
+        }
+      }
+    }
+
+    assertTrue(generators.size() > 0);
+    return generators;
+  }
+
+  protected void runOpsWithFailOver(final OperationWithAction[] opCodes, final String testName) throws InterruptedException {
+    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+    CredentialGenerator cGen = gen.getCredentialGenerator();
+    Properties extraAuthProps = cGen.getSystemProperties();
+    Properties javaProps = cGen.getJavaProperties();
+    Properties extraAuthzProps = gen.getSystemProperties();
+    String authenticator = cGen.getAuthenticator();
+    String authInit = cGen.getAuthInit();
+    String accessor = gen.getAuthorizationCallback();
+    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
+
+    System.out.println(testName + ": Using authinit: " + authInit);
+    System.out.println(testName + ": Using authenticator: " + authenticator);
+    System.out.println(testName + ": Using accessor: " + accessor);
+
+    // Start servers with all required properties
+    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
+
+    // Get ports for the servers
+    List<Keeper> randomAvailableTCPPortKeepers = AvailablePortHelper.getRandomAvailableTCPPortKeepers(4);
+    Keeper locator1PortKeeper = randomAvailableTCPPortKeepers.get(0);
+    Keeper locator2PortKeeper = randomAvailableTCPPortKeepers.get(1);
+    Keeper port1Keeper = randomAvailableTCPPortKeepers.get(2);
+    Keeper port2Keeper = randomAvailableTCPPortKeepers.get(3);
+    int locator1Port = locator1PortKeeper.getPort();
+    int locator2Port = locator2PortKeeper.getPort();
+    int port1 = port1Keeper.getPort();
+    int port2 = port2Keeper.getPort();
+
+    // Perform all the ops on the clients
+    List opBlock = new ArrayList();
+    Random rnd = new Random();
+
+    for (int opNum = 0; opNum < opCodes.length; ++opNum) {
+      // Start client with valid credentials as specified in OperationWithAction
+      OperationWithAction currentOp = opCodes[opNum];
+
+      if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+        // End of current operation block; execute all the operations on the servers with/without failover
+        if (opBlock.size() > 0) {
+          locator1PortKeeper.release();
+          port1Keeper.release();
+
+          // Start the first server and execute the operation block
+          server1.invoke("createCacheServer", () -> ClientAuthorizationTestCase.createCacheServer(locator1Port, port1, serverProps, javaProps ));
+          server2.invoke("closeCache", () -> closeCache());
+
+          executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
+
+          if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+            // Failover to the second server and run the block again
+            locator2PortKeeper.release();
+            port2Keeper.release();
+
+            server2.invoke("createCacheServer", () -> ClientAuthorizationTestCase.createCacheServer(locator2Port, port2, serverProps, javaProps ));
+            server1.invoke("closeCache", () -> closeCache());
+
+            executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
+          }
+          opBlock.clear();
+        }
+
+      } else {
+        currentOp.setOpNum(opNum);
+        opBlock.add(currentOp);
+      }
+    }
+  }
+
+  /**
+   * Implements the {@link CqListener} interface and counts the number of
+   * different operations and also queues up the received updates to precise
+   * checking of each update.
+   *
+   * @since GemFire 5.5
+   */
+  private static class AuthzCqListener implements CqListener {
+
+    private List<CqEvent> eventList;
+    private int numCreates;
+    private int numUpdates;
+    private int numDestroys;
+    private int numOtherOps;
+    private int numErrors;
+
+    public AuthzCqListener() {
+      this.eventList = new ArrayList<>();
+      reset();
+    }
+
+    public void reset() {
+      this.eventList.clear();
+      this.numCreates = 0;
+      this.numUpdates = 0;
+      this.numErrors = 0;
+    }
+
+    public void onEvent(final CqEvent aCqEvent) {
+      Operation op = aCqEvent.getBaseOperation();
+      if (op.isCreate()) {
+        ++this.numCreates;
+      } else if (op.isUpdate()) {
+        ++this.numUpdates;
+      } else if (op.isDestroy()) {
+        ++this.numDestroys;
+      } else {
+        ++this.numOtherOps;
+      }
+      eventList.add(aCqEvent);
+    }
+
+    public void onError(final CqEvent aCqEvent) {
+      ++this.numErrors;
+    }
+
+    public void close() {
+      this.eventList.clear();
+    }
+
+    public int getNumCreates() {
+      return this.numCreates;
+    }
+
+    public int getNumUpdates() {
+      return this.numUpdates;
+    }
+
+    public int getNumDestroys() {
+      return this.numDestroys;
+    }
+
+    public int getNumOtherOps() {
+      return this.numOtherOps;
+    }
+
+    public int getNumErrors() {
+      return this.numErrors;
+    }
+
+    public void checkPuts(final String[] vals, final int[] indices) {
+      for (int indexIndex = 0; indexIndex < indices.length; ++indexIndex) {
+        int index = indices[indexIndex];
+        boolean foundKey = false;
+
+        for (Iterator<CqEvent> eventIter = this.eventList.iterator(); eventIter.hasNext();) {
+          CqEvent event = (CqEvent)eventIter.next();
+          if (KEYS[index].equals(event.getKey())) {
+            assertEquals(vals[index], event.getNewValue());
+            foundKey = true;
+            break;
+          }
+        }
+
+        assertTrue(foundKey);
+      }
+    }
+  }
+
+  /**
+   * This class specifies flags that can be used to alter the behaviour of
+   * operations being performed by the <code>doOp</code> function.
+   *
+   * @since GemFire 5.5
+   */
+  protected static class OpFlags {
+
+    /**
+     * Default behaviour.
+     */
+    public static final int NONE = 0x0;
+
+    /**
+     * Check that the operation should fail.
+     */
+    public static final int CHECK_FAIL = 0x1;
+
+    /**
+     * Check that the operation should throw <code>NotAuthorizedException</code>.
+     */
+    public static final int CHECK_NOTAUTHZ = 0x2;
+
+    /**
+     * Check that the region should not be available.
+     */
+    public static final int CHECK_NOREGION = 0x4;
+
+    /**
+     * Check that the operation should throw an exception other than the
+     * <code>NotAuthorizedException</code>.
+     */
+    public static final int CHECK_EXCEPTION = 0x8;
+
+    /**
+     * Check for nvalues[] instead of values[].
+     */
+    public static final int USE_NEWVAL = 0x10;
+
+    /**
+     * Register all KEYS. For GET operations indicates using getAll().
+     */
+    public static final int USE_ALL_KEYS = 0x20;
+
+    /**
+     * Register a regular expression.
+     */
+    public static final int USE_REGEX = 0x40;
+
+    /**
+     * Register a list of KEYS.
+     */
+    public static final int USE_LIST = 0x80;
+
+    /**
+     * Perform the local version of the operation.
+     */
+    public static final int LOCAL_OP = 0x100;
+
+    /**
+     * Check that the key for the operation should not be present.
+     */
+    public static final int CHECK_NOKEY = 0x200;
+
+    /**
+     * Use the sub-region for performing the operation.
+     */
+    public static final int USE_SUBREGION = 0x400;
+
+    /**
+     * Do not try to create the sub-region.
+     */
+    public static final int NO_CREATE_SUBREGION = 0x800;
+
+    /**
+     * Do not re-connect using new credentials rather use the previous
+     * connection.
+     */
+    public static final int USE_OLDCONN = 0x1000;
+
+    /**
+     * Do the connection with unauthorized credentials but do not check that the
+     * operation throws <code>NotAuthorizedException</code>.
+     */
+    public static final int USE_NOTAUTHZ = 0x2000;
+
+    /**
+     * Enable {@link DynamicRegionFactory} on the client.
+     */
+    public static final int ENABLE_DRF = 0x4000;
+
+    /**
+     * Use the {@link InterestResultPolicy#NONE} for register interest.
+     */
+    public static final int REGISTER_POLICY_NONE = 0x8000;
+    
+    /**
+     * Use the {@link LocalRegion#getEntry} under transaction.
+     */
+    public static final int USE_GET_ENTRY_IN_TX = 0x10000;
+
+    public static String description(int f) {
+      StringBuffer sb = new StringBuffer();
+      sb.append("[");
+      if ((f & CHECK_FAIL) != 0) {
+        sb.append("CHECK_FAIL,");
+      }
+      if ((f & CHECK_NOTAUTHZ) != 0) {
+        sb.append("CHECK_NOTAUTHZ,");
+      }
+      if ((f & CHECK_NOREGION) != 0) {
+        sb.append("CHECK_NOREGION,");
+      }
+      if ((f & CHECK_EXCEPTION) != 0) {
+        sb.append("CHECK_EXCEPTION,");
+      }
+      if ((f & USE_NEWVAL) != 0) {
+        sb.append("USE_NEWVAL,");
+      }
+      if ((f & USE_ALL_KEYS) != 0) {
+        sb.append("USE_ALL_KEYS,");
+      }
+      if ((f & USE_REGEX) != 0) {
+        sb.append("USE_REGEX,");
+      }
+      if ((f & USE_LIST) != 0) {
+        sb.append("USE_LIST,");
+      }
+      if ((f & LOCAL_OP) != 0) {
+        sb.append("LOCAL_OP,");
+      }
+      if ((f & CHECK_NOKEY) != 0) {
+        sb.append("CHECK_NOKEY,");
+      }
+      if ((f & USE_SUBREGION) != 0) {
+        sb.append("USE_SUBREGION,");
+      }
+      if ((f & NO_CREATE_SUBREGION) != 0) {
+        sb.append("NO_CREATE_SUBREGION,");
+      }
+      if ((f & USE_OLDCONN) != 0) {
+        sb.append("USE_OLDCONN,");
+      }
+      if ((f & USE_NOTAUTHZ) != 0) {
+        sb.append("USE_NOTAUTHZ");
+      }
+      if ((f & ENABLE_DRF) != 0) {
+        sb.append("ENABLE_DRF,");
+      }
+      if ((f & REGISTER_POLICY_NONE) != 0) {
+        sb.append("REGISTER_POLICY_NONE,");
+      }
+      sb.append("]");
+      return sb.toString();
+    }
+  }
+
+  /**
+   * This class encapsulates an {@link OperationCode} with associated flags, the
+   * client to perform the operation, and the number of operations to perform.
+   *
+   * @since GemFire 5.5
+   */
+  protected static class OperationWithAction {
+
+    /**
+     * The operation to be performed.
+     */
+    private OperationCode opCode;
+
+    /**
+     * The operation for which authorized or unauthorized credentials have to be
+     * generated. This is the same as {@link #opCode} when not specified.
+     */
+    private OperationCode authzOpCode;
+
+    /**
+     * The client number on which the operation has to be performed.
+     */
+    private int clientNum;
+
+    /**
+     * Bitwise or'd {@link OpFlags} integer to change/specify the behaviour of the operations.
+     */
+    private int flags;
+
+    /**
+     * Indices of the KEYS array to be used for operations.
+     */
+    private int[] indices;
+
+    /**
+     * An index for the operation used for logging.
+     */
+    private int opNum;
+
+    /**
+     * Indicates end of an operation block which can be used for testing with failover
+     */
+    public static final OperationWithAction OPBLOCK_END = new OperationWithAction(null, 4);
+
+    /**
+     * Indicates end of an operation block which should not be used for testing with failover
+     */
+    public static final OperationWithAction OPBLOCK_NO_FAILOVER = new OperationWithAction(null, 5);
+
+    private void setIndices(int numOps) {
+      this.indices = new int[numOps];
+      for (int index = 0; index < numOps; ++index) {
+        this.indices[index] = index;
+      }
+    }
+
+    public OperationWithAction(final OperationCode opCode) {
+      this.opCode = opCode;
+      this.authzOpCode = opCode;
+      this.clientNum = 1;
+      this.flags = OpFlags.NONE;
+      setIndices(4);
+      this.opNum = 0;
+    }
+
+    public OperationWithAction(final OperationCode opCode, final int clientNum) {
+      this.opCode = opCode;
+      this.authzOpCode = opCode;
+      this.clientNum = clientNum;
+      this.flags = OpFlags.NONE;
+      setIndices(4);
+      this.opNum = 0;
+    }
+
+    public OperationWithAction(final OperationCode opCode, final int clientNum, final int flags, final int numOps) {
+      this.opCode = opCode;
+      this.authzOpCode = opCode;
+      this.clientNum = clientNum;
+      this.flags = flags;
+      setIndices(numOps);
+      this.opNum = 0;
+    }
+
+    public OperationWithAction(final OperationCode opCode, final OperationCode deniedOpCode, final int clientNum, final int flags, final int numOps) {
+      this.opCode = opCode;
+      this.authzOpCode = deniedOpCode;
+      this.clientNum = clientNum;
+      this.flags = flags;
+      setIndices(numOps);
+      this.opNum = 0;
+    }
+
+    public OperationWithAction(final OperationCode opCode, final int clientNum, final int flags, final int[] indices) {
+      this.opCode = opCode;
+      this.authzOpCode = opCode;
+      this.clientNum = clientNum;
+      this.flags = flags;
+      this.indices = indices;
+      this.opNum = 0;
+    }
+
+    public OperationWithAction(final OperationCode opCode, final OperationCode deniedOpCode, final int clientNum, final int flags, final int[] indices) {
+      this.opCode = opCode;
+      this.authzOpCode = deniedOpCode;
+      this.clientNum = clientNum;
+      this.flags = flags;
+      this.indices = indices;
+      this.opNum = 0;
+    }
+
+    public OperationCode getOperationCode() {
+      return this.opCode;
+    }
+
+    public OperationCode getAuthzOperationCode() {
+      return this.authzOpCode;
+    }
+
+    public int getClientNum() {
+      return this.clientNum;
+    }
+
+    public int getFlags() {
+      return this.flags;
+    }
+
+    public int[] getIndices() {
+      return this.indices;
+    }
+
+    public int getOpNum() {
+      return this.opNum;
+    }
+
+    public void setOpNum(int opNum) {
+      this.opNum = opNum;
+    }
+
+    @Override
+    public String toString() {
+      return "opCode:" + this.opCode + ",authOpCode:" + this.authzOpCode + ",clientNum:" + this.clientNum + ",flags:" + this.flags + ",numOps:" + this.indices.length + ",indices:" + indicesToString(this.indices);
+    }
+  }
+
+  /**
+   * Simple interface to generate credentials with authorization based on key
+   * indices also. This is utilized by the post-operation authorization tests
+   * where authorization is based on key indices.
+   *
+   * @since GemFire 5.5
+   */
+  protected interface TestCredentialGenerator {
+
+    /**
+     * Get allowed credentials for the given set of operations in the given
+     * regions and indices of KEYS in the <code>KEYS</code> array
+     */
+    public Properties getAllowedCredentials(OperationCode[] opCodes, String[] regionNames, int[] keyIndices, int num);
+
+    /**
+     * Get disallowed credentials for the given set of operations in the given
+     * regions and indices of KEYS in the <code>KEYS</code> array
+     */
+    public Properties getDisallowedCredentials(OperationCode[] opCodes, String[] regionNames, int[] keyIndices, int num);
+
+    /**
+     * Get the {@link CredentialGenerator} if any.
+     */
+    public CredentialGenerator getCredentialGenerator();
+  }
+
+  /**
+   * Contains a {@link AuthzCredentialGenerator} and implements the
+   * {@link TestCredentialGenerator} interface.
+   *
+   * @since GemFire 5.5
+   */
+  protected static class TestAuthzCredentialGenerator implements TestCredentialGenerator {
+
+    private AuthzCredentialGenerator authzGen;
+
+    public TestAuthzCredentialGenerator(final AuthzCredentialGenerator authzGen) {
+      this.authzGen = authzGen;
+    }
+
+    public Properties getAllowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int[] keyIndices, final int num) {
+      return this.authzGen.getAllowedCredentials(opCodes, regionNames, num);
+    }
+
+    public Properties getDisallowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int[] keyIndices, final int num) {
+      return this.authzGen.getDisallowedCredentials(opCodes, regionNames, num);
+    }
+
+    public CredentialGenerator getCredentialGenerator() {
+      return authzGen.getCredentialGenerator();
+    }
+  }
+}


[08/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UsernamePrincipalTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UsernamePrincipalTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UsernamePrincipalTest.java
deleted file mode 100644
index 7fbb454..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UsernamePrincipalTest.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import static org.assertj.core.api.Assertions.*;
-
-import java.io.Serializable;
-
-import org.apache.commons.lang.SerializationUtils;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
-/**
- * Unit tests for {@link UsernamePrincipal}
- */
-@Category({ UnitTest.class, SecurityTest.class })
-public class UsernamePrincipalTest {
-
-  @Test
-  public void isSerializable() throws Exception {
-    assertThat(UsernamePrincipal.class).isInstanceOf(Serializable.class);
-  }
-
-  @Test
-  public void canBeSerialized() throws Exception {
-    String name = "jsmith";
-    UsernamePrincipal instance = new UsernamePrincipal(name);
-
-    UsernamePrincipal cloned = (UsernamePrincipal) SerializationUtils.clone(instance);
-
-    assertThat(cloned.getName()).isEqualTo(name);
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlAuthorization.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlAuthorization.java
deleted file mode 100755
index 4349260..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlAuthorization.java
+++ /dev/null
@@ -1,615 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.EntityResolver;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-import org.xml.sax.SAXParseException;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.operations.ExecuteFunctionOperationContext;
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.cache.operations.QueryOperationContext;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.security.AccessControl;
-import com.gemstone.gemfire.security.NotAuthorizedException;
-
-/**
- * An implementation of the {@link AccessControl} interface that allows
- * authorization using the permissions as specified in the given XML
- * file.
- * 
- * The format of the XML file is specified in <a href="authz5_5.dtd"/>. It
- * implements a role-based authorization at the operation level for each region.
- * Each principal name may be associated with a set of roles. The name of the
- * principal is obtained using the {@link Principal#getName()} method and no other
- * information of the principal is utilized. Each role can be provided
- * permissions to execute operations for each region.
- * 
- * The top-level element in the XML is "acl" tag that contains the "role" and
- * "permission" tags. The "role" tag contains the list of users that have been
- * given that role. The name of the role is specified in the "role" attribute
- * and the users are contained in the "user" tags insided the "role" tag.
- * 
- * The "permissions" tag contains the list of operations allowed for a
- * particular region. The role name is specified as the "role" attribute, the
- * list of comma separated region names as the optional "regions" attribute and
- * the operation names are contained in the "operation" tags inside the
- * "permissions" tag. The allowed operation names are: GET, PUT, PUTALL,
- * DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST, CONTAINS_KEY, KEY_SET,
- * QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR, REGION_CREATE,
- * REGION_DESTROY. These correspond to the operations in the
- * {@link OperationCode} enumeration with the same name.
- * 
- * When no region name is specified then the operation is allowed for all
- * regions in the cache. Any permissions specified for regions using the
- * "regions" attribute override these permissions. This allows users to provide
- * generic permissions without any region name, and override for specific
- * regions specified using the "regions" attribute. A cache-level operation
- * (e.g. {@link OperationCode#REGION_DESTROY}) specified for a particular region
- * is ignored i.e. the cache-level operations are only applicable when no region
- * name is specified. A {@link OperationCode#QUERY} operation is permitted when
- * either the {@code QUERY} permission is provided at the cache-level for
- * the user or when {@code QUERY} permission is provided for all the
- * regions that are part of the query string.
- * 
- * Any roles specified in the "user" tag that do not have a specified permission
- * set using the "permission" tags are ignored. When no {@link Principal} is
- * associated with the current connection, then empty user name is used to
- * search for the roles so an empty user name can be used to specify roles of
- * unauthenticated clients (i.e. {@code Everyone}).
- * 
- * This sample implementation is useful only for pre-operation checks and should
- * not be used for post-operation authorization since it does nothing useful for
- * post-operation case.
- * 
- * @since GemFire 5.5
- */
-public class XmlAuthorization implements AccessControl {
-
-  public static final String DOC_URI_PROP_NAME = "security-authz-xml-uri";
-
-  private static final Object sync = new Object();
-  private static final String EMPTY_VALUE = "";
-
-  private static final String TAG_ROLE = "role";
-  private static final String TAG_USER = "user";
-  private static final String TAG_PERMS = "permission";
-  private static final String TAG_OP = "operation";
-
-  private static final String ATTR_ROLENAME = "name";
-  private static final String ATTR_ROLE = "role";
-  private static final String ATTR_REGIONS = "regions";
-  private static final String ATTR_FUNCTION_IDS = "functionIds";
-  private static final String ATTR_FUNCTION_OPTIMIZE_FOR_WRITE = "optimizeForWrite";
-  private static final String ATTR_FUNCTION_KEY_SET = "keySet";
-
-  private static String currentDocUri = null;
-  private static Map<String, HashSet<String>> userRoles = null;
-  private static Map<String, Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>>> rolePermissions = null;
-  private static NotAuthorizedException xmlLoadFailure = null;
-
-  private final Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>> allowedOps;
-
-  protected LogWriter systemLogWriter;
-  protected LogWriter securityLogWriter;
-
-  /**
-   * Public static factory method to create an instance of
-   * {@code XmlAuthorization}. The fully qualified name of the class
-   * ({@code com.gemstone.gemfire.security.templates.XmlAuthorization.create})
-   * should be mentioned as the {@code security-client-accessor} system
-   * property to enable pre-operation authorization checks as implemented in
-   * this class.
-   *
-   * @return an object of {@code XmlAuthorization} class
-   */
-  public static AccessControl create() {
-    return new XmlAuthorization();
-  }
-
-  /**
-   * Clear all the statically cached information.
-   */
-  public static void clear() {
-    XmlAuthorization.currentDocUri = null;
-    if (XmlAuthorization.userRoles != null) {
-      XmlAuthorization.userRoles.clear();
-      XmlAuthorization.userRoles = null;
-    }
-    if (XmlAuthorization.rolePermissions != null) {
-      XmlAuthorization.rolePermissions.clear();
-      XmlAuthorization.rolePermissions = null;
-    }
-    XmlAuthorization.xmlLoadFailure = null;
-  }
-
-  /**
-   * Change the region name to a standard format having single '/' as separator
-   * and starting with a '/' as in standard POSIX paths
-   */
-  public static String normalizeRegionName(final String regionName) {
-    if (regionName == null || regionName.length() == 0) {
-      return EMPTY_VALUE;
-    }
-
-    char[] resultName = new char[regionName.length() + 1];
-    boolean changed = false;
-    boolean isPrevCharSlash = false;
-    int startIndex;
-
-    if (regionName.charAt(0) != '/') {
-      changed = true;
-      startIndex = 0;
-    } else {
-      isPrevCharSlash = true;
-      startIndex = 1;
-    }
-
-    resultName[0] = '/';
-    int resultLength = 1;
-
-    // Replace all more than one '/'s with a single '/'
-    for (int index = startIndex; index < regionName.length(); ++index) {
-      char currChar = regionName.charAt(index);
-      if (currChar == '/') {
-        if (isPrevCharSlash) {
-          changed = true;
-          continue;
-        }
-        isPrevCharSlash = true;
-      } else {
-        isPrevCharSlash = false;
-      }
-      resultName[resultLength++] = currChar;
-    }
-
-    // Remove any trailing slash
-    if (resultName[resultLength - 1] == '/') {
-      --resultLength;
-      changed = true;
-    }
-
-    if (changed) {
-      return new String(resultName, 0, resultLength);
-    } else {
-      return regionName;
-    }
-  }
-
-  private XmlAuthorization() {
-    this.allowedOps = new HashMap<String, Map<OperationCode, FunctionSecurityPrmsHolder>>();
-    this.systemLogWriter = null;
-    this.securityLogWriter = null;
-  }
-
-  /**
-   * Initialize the {@code XmlAuthorization} callback for a client having
-   * the given principal.
-   * 
-   * This method caches the full XML authorization file the first time it is
-   * invoked and caches all the permissions for the provided
-   * {@code principal} to speed up lookup the
-   * {@code authorizeOperation} calls. The permissions for the principal
-   * are maintained as a {@link Map} of region name to the {@link HashSet} of
-   * operations allowed for that region. A global entry with region name as
-   * empty string is also made for permissions provided for all the regions.
-   * 
-   * @param  principal
-   *         the principal associated with the authenticated client
-   * @param  cache
-   *         reference to the cache object
-   * @param  remoteMember
-   *         the {@link DistributedMember} object for the remote authenticated
-   *         client
-   * 
-   * @throws NotAuthorizedException
-   *         if some exception condition happens during the initialization
-   *         while reading the XML; in such a case all subsequent client
-   *         operations will throw {@code NotAuthorizedException}
-   */
-  @Override
-  public void init(final Principal principal, final DistributedMember remoteMember, final Cache cache) throws NotAuthorizedException {
-    synchronized (sync) {
-      XmlAuthorization.init(cache);
-    }
-
-    this.systemLogWriter = cache.getLogger();
-    this.securityLogWriter = cache.getSecurityLogger();
-
-    String name;
-    if (principal != null) {
-      name = principal.getName();
-    } else {
-      name = EMPTY_VALUE;
-    }
-
-    HashSet<String> roles = XmlAuthorization.userRoles.get(name);
-    if (roles != null) {
-      for (String roleName : roles) {
-        Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>> regionOperationMap = XmlAuthorization.rolePermissions.get(roleName);
-        if (regionOperationMap != null) {
-          for (Map.Entry<String, Map<OperationCode, FunctionSecurityPrmsHolder>> regionEntry : regionOperationMap.entrySet()) {
-            String regionName = regionEntry.getKey();
-            Map<OperationCode, FunctionSecurityPrmsHolder> regionOperations = this.allowedOps.get(regionName);
-            if (regionOperations == null) {
-              regionOperations = new HashMap<OperationCode, FunctionSecurityPrmsHolder>();
-              this.allowedOps.put(regionName, regionOperations);
-            }
-            regionOperations.putAll(regionEntry.getValue());
-          }
-        }
-      }
-    }
-  }
-
-  /**
-   * Return true if the given operation is allowed for the cache/region.
-   * 
-   * This looks up the cached permissions of the principal in the map for the
-   * provided region name. If none are found then the global permissions with
-   * empty region name are looked up. The operation is allowed if it is found
-   * this permission list.
-   * 
-   * @param  regionName
-   *         When null then it indicates a cache-level operation, else the
-   *         name of the region for the operation.
-   * @param  context
-   *         the data required by the operation
-   * 
-   * @return true if the operation is authorized and false otherwise
-   */
-  @Override
-  public boolean authorizeOperation(String regionName, final OperationContext context) {
-    Map<OperationCode, FunctionSecurityPrmsHolder> operationMap;
-
-    // Check GET permissions for updates from server to client
-    if (context.isClientUpdate()) {
-      operationMap = this.allowedOps.get(regionName);
-      if (operationMap == null && regionName.length() > 0) {
-        operationMap = this.allowedOps.get(EMPTY_VALUE);
-      }
-      if (operationMap != null) {
-        return operationMap.containsKey(OperationCode.GET);
-      }
-      return false;
-    }
-
-    OperationCode opCode = context.getOperationCode();
-    if (opCode.isQuery() || opCode.isExecuteCQ() || opCode.isCloseCQ() || opCode.isStopCQ()) {
-      // First check if cache-level permission has been provided
-      operationMap = this.allowedOps.get(EMPTY_VALUE);
-      boolean globalPermission = (operationMap != null && operationMap .containsKey(opCode));
-      Set<String> regionNames = ((QueryOperationContext)context) .getRegionNames();
-      if (regionNames == null || regionNames.size() == 0) {
-        return globalPermission;
-      }
-
-      for (String r : regionNames) {
-        regionName = normalizeRegionName(r);
-        operationMap = this.allowedOps.get(regionName);
-        if (operationMap == null) {
-          if (!globalPermission) {
-            return false;
-          }
-        } else if (!operationMap.containsKey(opCode)) {
-          return false;
-        }
-      }
-      return true;
-    }
-
-    final String normalizedRegionName = normalizeRegionName(regionName);
-    operationMap = this.allowedOps.get(normalizedRegionName);
-    if (operationMap == null && normalizedRegionName.length() > 0) {
-      operationMap = this.allowedOps.get(EMPTY_VALUE);
-    }
-    if (operationMap != null) {
-      if (context.getOperationCode() != OperationCode.EXECUTE_FUNCTION) {
-        return operationMap.containsKey(context.getOperationCode());
-
-      } else {
-        if (!operationMap.containsKey(context.getOperationCode())) {
-          return false;
-
-        } else {
-          if (!context.isPostOperation()) {
-            FunctionSecurityPrmsHolder functionParameter = operationMap.get(context.getOperationCode());
-            ExecuteFunctionOperationContext functionContext = (ExecuteFunctionOperationContext) context;
-            // OnRegion execution
-            if (functionContext.getRegionName() != null) {
-              if (functionParameter.isOptimizeForWrite() != null && functionParameter.isOptimizeForWrite().booleanValue() != functionContext.isOptimizeForWrite()) {
-                return false;
-              }
-              if (functionParameter.getFunctionIds() != null && !functionParameter.getFunctionIds().contains( functionContext.getFunctionId())) {
-                return false;
-              }
-              if (functionParameter.getKeySet() != null && functionContext.getKeySet() != null) {
-                if (functionContext.getKeySet().containsAll( functionParameter.getKeySet())) {
-                  return false;
-                }
-              }
-              return true;
-
-            } else {// On Server execution
-              if (functionParameter.getFunctionIds() != null && !functionParameter.getFunctionIds().contains(functionContext.getFunctionId())) {
-                return false;
-              }
-              return true;
-            }
-
-          } else {
-            ExecuteFunctionOperationContext functionContext = (ExecuteFunctionOperationContext)context;
-            FunctionSecurityPrmsHolder functionParameter = operationMap.get(context.getOperationCode());
-            if (functionContext.getRegionName() != null) {
-              if (functionContext.getResult() instanceof ArrayList && functionParameter.getKeySet() != null) {
-                ArrayList<String> resultList = (ArrayList)functionContext.getResult();
-                Set<String> nonAllowedKeys = functionParameter.getKeySet();
-                if (resultList.containsAll(nonAllowedKeys)) {
-                  return false;
-                }
-              }
-              return true;
-
-            } else {
-              ArrayList<String> resultList = (ArrayList)functionContext.getResult();
-              final String inSecureItem = "Insecure item";
-              if (resultList.contains(inSecureItem)) {
-                return false;
-              }
-              return true;
-            }
-          }
-        }
-      }
-    }
-    return false;
-  }
-
-  /**
-   * Clears the cached information for this principal.
-   */
-  @Override
-  public void close() {
-    this.allowedOps.clear();
-  }
-
-  /** Get the attribute value for a given attribute name of a node. */
-  private static String getAttributeValue(final Node node, final String attrName) {
-    NamedNodeMap attrMap = node.getAttributes();
-    Node attrNode;
-    if (attrMap != null && (attrNode = attrMap.getNamedItem(attrName)) != null) {
-      return ((Attr)attrNode).getValue();
-    }
-    return EMPTY_VALUE;
-  }
-
-  /** Get the string contained in the first text child of the node. */
-  private static String getNodeValue(final Node node) {
-    NodeList childNodes = node.getChildNodes();
-    for (int index = 0; index < childNodes.getLength(); index++) {
-      Node childNode = childNodes.item(index);
-      if (childNode.getNodeType() == Node.TEXT_NODE) {
-        return childNode.getNodeValue();
-      }
-    }
-    return EMPTY_VALUE;
-  }
-
-  /**
-   * Cache authorization information for all users statically. This method is
-   * not thread-safe and is should either be invoked only once, or the caller
-   * should take the appropriate locks.
-   *
-   * @param cache reference to the cache object for the distributed system
-   */
-  private static void init(final Cache cache) throws NotAuthorizedException {
-    final LogWriter systemLogWriter = cache.getLogger();
-    final String xmlDocumentUri = (String)cache.getDistributedSystem().getSecurityProperties().get(DOC_URI_PROP_NAME);
-
-    try {
-      if (xmlDocumentUri == null) {
-        throw new NotAuthorizedException("No ACL file defined using tag [" + DOC_URI_PROP_NAME + "] in system properties");
-      }
-      if (xmlDocumentUri.equals(XmlAuthorization.currentDocUri)) {
-        if (XmlAuthorization.xmlLoadFailure != null) {
-          throw XmlAuthorization.xmlLoadFailure;
-        }
-        return;
-      }
-
-      final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-      factory.setIgnoringComments(true);
-      factory.setIgnoringElementContentWhitespace(true);
-      factory.setValidating(true);
-
-      final DocumentBuilder builder = factory.newDocumentBuilder();
-      final XmlErrorHandler errorHandler = new XmlErrorHandler(systemLogWriter, xmlDocumentUri);
-      builder.setErrorHandler(errorHandler);
-      builder.setEntityResolver(new AuthzDtdResolver());
-
-      final Document xmlDocument = builder.parse(xmlDocumentUri);
-
-      XmlAuthorization.userRoles = new HashMap<String, HashSet<String>>();
-      XmlAuthorization.rolePermissions = new HashMap<String, Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>>>();
-
-      final NodeList roleUserNodes = xmlDocument.getElementsByTagName(TAG_ROLE);
-
-      for (int roleIndex = 0; roleIndex < roleUserNodes.getLength(); roleIndex++) {
-        final Node roleUserNode = roleUserNodes.item(roleIndex);
-        final String roleName = getAttributeValue(roleUserNode, ATTR_ROLENAME);
-        final NodeList userNodes = roleUserNode.getChildNodes();
-
-        for (int userIndex = 0; userIndex < userNodes.getLength(); userIndex++) {
-          final Node userNode = userNodes.item(userIndex);
-
-          if (TAG_USER.equals(userNode.getNodeName())) {
-            final String userName = getNodeValue(userNode);
-            HashSet<String> userRoleSet = XmlAuthorization.userRoles.get(userName);
-            if (userRoleSet == null) {
-              userRoleSet = new HashSet<String>();
-              XmlAuthorization.userRoles.put(userName, userRoleSet);
-            }
-            userRoleSet.add(roleName);
-
-          } else {
-            throw new SAXParseException("Unknown tag [" + userNode.getNodeName() + "] as child of tag [" + TAG_ROLE + ']', null);
-          }
-        }
-      }
-
-      final NodeList rolePermissionNodes = xmlDocument.getElementsByTagName(TAG_PERMS);
-
-      for (int permIndex = 0; permIndex < rolePermissionNodes.getLength(); permIndex++) {
-        final Node rolePermissionNode = rolePermissionNodes.item(permIndex);
-        final String roleName = getAttributeValue(rolePermissionNode, ATTR_ROLE);
-        Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>> regionOperationMap = XmlAuthorization.rolePermissions.get(roleName);
-
-        if (regionOperationMap == null) {
-          regionOperationMap = new HashMap<String, Map<OperationCode, FunctionSecurityPrmsHolder>>();
-          XmlAuthorization.rolePermissions.put(roleName, regionOperationMap);
-        }
-
-        final NodeList operationNodes = rolePermissionNode.getChildNodes();
-        final HashMap<OperationCode, FunctionSecurityPrmsHolder> operationMap = new HashMap<OperationCode, FunctionSecurityPrmsHolder>();
-
-        for (int opIndex = 0; opIndex < operationNodes.getLength(); opIndex++) {
-          final Node operationNode = operationNodes.item(opIndex);
-
-          if (TAG_OP.equals(operationNode.getNodeName())) {
-            final String operationName = getNodeValue(operationNode);
-            final OperationCode code = OperationCode.valueOf(operationName);
-
-            if (code == null) {
-              throw new SAXParseException("Unknown operation [" + operationName + ']', null);
-            }
-
-            if (code != OperationCode.EXECUTE_FUNCTION) {
-              operationMap.put(code, null);
-
-            } else {
-              final String optimizeForWrite = getAttributeValue(operationNode, ATTR_FUNCTION_OPTIMIZE_FOR_WRITE);
-              final String functionAttr = getAttributeValue(operationNode, ATTR_FUNCTION_IDS);
-              final String keysAttr = getAttributeValue(operationNode, ATTR_FUNCTION_KEY_SET);
-
-              Boolean isOptimizeForWrite;
-              HashSet<String> functionIds;
-              HashSet<String> keySet;
-
-              if (optimizeForWrite == null || optimizeForWrite.length() == 0) {
-                isOptimizeForWrite = null;
-              } else {
-                isOptimizeForWrite = Boolean.parseBoolean(optimizeForWrite);
-              }
-
-              if (functionAttr == null || functionAttr.length() == 0) {
-                functionIds = null;
-              } else {
-                final String[] functionArray = functionAttr.split(",");
-                functionIds = new HashSet<String>();
-                for (int strIndex = 0; strIndex < functionArray.length; ++strIndex) {
-                  functionIds.add((functionArray[strIndex]));
-                }
-              }
-
-              if (keysAttr == null || keysAttr.length() == 0) {
-                keySet = null;
-              } else {
-                final String[] keySetArray = keysAttr.split(",");
-                keySet = new HashSet<String>();
-                for (int strIndex = 0; strIndex < keySetArray.length; ++strIndex) {
-                  keySet.add((keySetArray[strIndex]));
-                }
-              }
-
-              final FunctionSecurityPrmsHolder functionContext = new FunctionSecurityPrmsHolder(isOptimizeForWrite, functionIds, keySet);
-              operationMap.put(code, functionContext);
-            }
-
-          } else {
-            throw new SAXParseException("Unknown tag [" + operationNode.getNodeName() + "] as child of tag [" + TAG_PERMS + ']', null);
-          }
-        }
-
-        final String regionNames = getAttributeValue(rolePermissionNode, ATTR_REGIONS);
-        if (regionNames == null || regionNames.length() == 0) {
-          regionOperationMap.put(EMPTY_VALUE, operationMap);
-        } else {
-          final String[] regionNamesSplit = regionNames.split(",");
-          for (int strIndex = 0; strIndex < regionNamesSplit.length; ++strIndex) {
-            regionOperationMap.put(normalizeRegionName(regionNamesSplit[strIndex]), operationMap);
-          }
-        }
-      }
-      XmlAuthorization.currentDocUri = xmlDocumentUri;
-
-    } catch (Exception ex) {
-      String message;
-      if (ex instanceof NotAuthorizedException) {
-        message = ex.getMessage();
-      }
-      else {
-        message = ex.getClass().getName() + ": " + ex.getMessage();
-      }
-      systemLogWriter.warning("XmlAuthorization.init: " + message);
-      XmlAuthorization.xmlLoadFailure = new NotAuthorizedException(message, ex);
-      throw XmlAuthorization.xmlLoadFailure;
-    }
-  }
-
-  private static class AuthzDtdResolver implements EntityResolver {
-    final Pattern authzPattern = Pattern.compile("authz.*\\.dtd");
-
-    @Override
-    public InputSource resolveEntity(final String publicId, final String systemId) throws SAXException, IOException {
-      try {
-        final Matcher matcher = authzPattern.matcher(systemId);
-        if (matcher.find()) {
-          final String dtdName = matcher.group(0);
-          final InputStream stream = XmlAuthorization.class.getResourceAsStream(dtdName);
-          return new InputSource(stream);
-        }
-
-      } catch(Exception e) {
-        //do nothing, use the default resolver
-      }
-      
-      return null;
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlErrorHandler.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlErrorHandler.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlErrorHandler.java
deleted file mode 100755
index c770eb7..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/XmlErrorHandler.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import org.apache.logging.log4j.Logger;
-import org.xml.sax.ErrorHandler;
-import org.xml.sax.SAXException;
-import org.xml.sax.SAXParseException;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.internal.logging.LogService;
-
-/**
- * Implementation of {@link ErrorHandler} interface to handle validation errors
- * while XML parsing.
- * 
- * This throws back exceptions raised for {@code error} and {@code fatalError}
- * cases while a {@link LogWriter#warning(String)} level logging is done for
- * the {@code warning} case.
- * 
- * @since GemFire 5.5
- */
-public class XmlErrorHandler implements ErrorHandler {
-
-  private static final Logger logger = LogService.getLogger();
-
-  private final LogWriter systemLogWriter;
-  private final String xmlFileName;
-
-  public XmlErrorHandler(final LogWriter systemLogWriter, final String xmlFileName) {
-    this.systemLogWriter = systemLogWriter;
-    this.xmlFileName = xmlFileName;
-  }
-
-  /**
-   * Throws back the exception with the name of the XML file and the position
-   * where the exception occurred.
-   */
-  @Override
-  public void error(final SAXParseException exception) throws SAXException {
-    throw new SAXParseException("Error while parsing XML at line " + exception.getLineNumber() + " column " + exception.getColumnNumber() + ": " + exception.getMessage(), null, exception);
-  }
-
-  /**
-   * Throws back the exception with the name of the XML file and the position
-   * where the exception occurred.
-   */
-  @Override
-  public void fatalError(final SAXParseException exception) throws SAXException {
-    throw new SAXParseException("Fatal error while parsing XML at line " + exception.getLineNumber() + " column " + exception.getColumnNumber() + ": " + exception.getMessage(), null, exception);
-  }
-
-  /**
-   * Log the exception at {@link LogWriter#warning(String)} level with XML
-   * filename and the position of exception in the file.
-   */
-  @Override
-  public void warning(final SAXParseException exception) throws SAXException {
-    this.systemLogWriter.warning("Warning while parsing XML [" + this.xmlFileName + "] at line " + exception.getLineNumber() + " column " + exception.getColumnNumber() + ": " + exception.getMessage(), exception);
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/AbstractSecureServerDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/AbstractSecureServerDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/AbstractSecureServerDUnitTest.java
new file mode 100644
index 0000000..fd38814
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/AbstractSecureServerDUnitTest.java
@@ -0,0 +1,162 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.assertj.core.api.Assertions.*;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
+import org.junit.Before;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.RegionShortcut;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.cache.server.CacheServer;
+import com.gemstone.gemfire.distributed.*;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.Invoke;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
+
+public class AbstractSecureServerDUnitTest extends JUnit4CacheTestCase {
+
+  protected static final String REGION_NAME = "AuthRegion";
+
+  protected VM client1 = null;
+  protected VM client2 = null;
+  protected VM client3 = null;
+  protected int serverPort;
+
+  // child classes can customize these parameters
+  protected Class postProcessor = null;
+  protected boolean pdxPersistent = false;
+  protected int jmxPort = 0;
+  protected int restPort = 0;
+  protected Map<String, Object> values;
+  protected volatile Properties dsProperties;
+
+  public AbstractSecureServerDUnitTest(){
+    values = new HashMap();
+    for(int i=0; i<5; i++){
+      values.put("key"+i, "value"+i);
+    }
+  }
+
+  @Before
+  public void before() throws Exception {
+    final Host host = Host.getHost(0);
+    this.client1 = host.getVM(1);
+    this.client2 = host.getVM(2);
+    this.client3 = host.getVM(3);
+
+    Properties props = new Properties();
+    props.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json");
+    props.setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+//    props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
+    props.setProperty(LOCATORS, "");
+    props.setProperty(MCAST_PORT, "0");
+    if (postProcessor!=null) {
+      props.setProperty(SECURITY_POST_PROCESSOR, postProcessor.getName());
+    }
+    props.setProperty(SECURITY_LOG_LEVEL, "finest");
+
+    props.setProperty("security-pdx", pdxPersistent+"");
+    if(jmxPort>0){
+      props.put(JMX_MANAGER, "true");
+      props.put(JMX_MANAGER_START, "true");
+      props.put(JMX_MANAGER_PORT, String.valueOf(jmxPort));
+    }
+
+    if(restPort>0){
+      props.setProperty(START_DEV_REST_API, "true");
+      props.setProperty(HTTP_SERVICE_BIND_ADDRESS, "localhost");
+      props.setProperty(HTTP_SERVICE_PORT, restPort+"");
+    }
+
+    props.put(ConfigurationProperties.ENABLE_NETWORK_PARTITION_DETECTION, "false");
+    
+    this.dsProperties = props;
+
+    getSystem(props);
+
+    CacheFactory cf = new CacheFactory();
+    cf.setPdxPersistent(pdxPersistent);
+    cf.setPdxReadSerialized(pdxPersistent);
+    Cache cache = getCache(cf);
+
+    Region region = cache.createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME);
+
+    CacheServer server = cache.addCacheServer();
+    server.setPort(0);
+    server.start();
+
+    this.serverPort = server.getPort();
+
+    for(Entry entry:values.entrySet()){
+      region.put(entry.getKey(), entry.getValue());
+    }
+  }
+
+  @Override
+  public Properties getDistributedSystemProperties() {
+    return dsProperties;
+  }
+
+  @Override
+  public void preTearDownCacheTestCase() throws Exception {
+    Invoke.invokeInEveryVM(()->closeCache());
+    closeCache();
+  }
+
+  public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString) {
+    assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
+  }
+
+  public static Properties createClientProperties(String userName, String password) {
+    Properties props = new Properties();
+    props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
+    props.setProperty(UserPasswordAuthInit.PASSWORD, password);
+    props.setProperty(LOG_LEVEL, "fine");
+    props.setProperty(LOCATORS, "");
+    props.setProperty(MCAST_PORT, "0");
+    props.setProperty(SECURITY_CLIENT_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
+    props.setProperty(SECURITY_LOG_LEVEL, "finest");
+    return props;
+  }
+
+  public static ClientCache createClientCache(String username, String password, int serverPort){
+    ClientCache cache = new ClientCacheFactory(createClientProperties(username, password))
+      .setPoolSubscriptionEnabled(true)
+      .addPoolServer("localhost", serverPort)
+      .create();
+
+    cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+    return cache;
+  }
+
+}
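Review bot: `assertNotAuthorized` only checks that the thrown message contains `permString`, so any failure whose text happens to include the permission string is accepted as an authorization denial. A misconfigured server or a wrapped connection error could pass these checks that way. The helper should also pin the exception type, for example `assertThatThrownBy(shouldRaiseThrowable).hasRootCauseInstanceOf(NotAuthorizedException.class).hasMessageContaining(permString);`. Whether the denial reaches callers directly or as a cause is not visible in this hunk, so confirm against the subclasses and use `isInstanceOf` if it is thrown directly. An empty `permString` also makes the message check vacuous, which a one-line Javadoc on the helper could state.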

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationDUnitTest.java
new file mode 100644
index 0000000..dbc782f
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationDUnitTest.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.FlakyTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+/**
+ * Test for authentication from client to server. This tests for both valid and
+ * invalid credentials/modules. It also checks for authentication
+ * success/failure in case of failover and for the notification channel.
+ * 
+ * @since GemFire 5.5
+ */
+@Category({ DistributedTest.class, SecurityTest.class })
+public class ClientAuthenticationDUnitTest extends ClientAuthenticationTestCase {
+
+  @Test
+  public void testValidCredentials() throws Exception {
+    doTestValidCredentials(false);
+  }
+
+  @Test
+  public void testNoCredentials() throws Exception {
+    doTestNoCredentials(false);
+  }
+
+  @Test
+  public void testInvalidCredentials() throws Exception {
+    doTestInvalidCredentials(false);
+  }
+
+  @Test
+  public void testInvalidAuthInit() throws Exception {
+    doTestInvalidAuthInit(false);
+  }
+
+  @Test
+  public void testNoAuthInitWithCredentials() throws Exception {
+    doTestNoAuthInitWithCredentials(false);
+  }
+
+  @Test
+  public void testInvalidAuthenticator() throws Exception {
+    doTestInvalidAuthenticator(false);
+  }
+
+  @Test
+  public void testNoAuthenticatorWithCredentials() throws Exception {
+    doTestNoAuthenticatorWithCredentials(false);
+  }
+
+  @Test
+  public void testCredentialsWithFailover() throws Exception {
+    doTestCredentialsWithFailover(false);
+  }
+
+  @Category(FlakyTest.class) // GEODE-838: random ports, thread sleeps, time sensitive
+  @Test
+  public void testCredentialsForNotifications() throws Exception {
+    doTestCredentialsForNotifications(false);
+  }
+
+  @Ignore("Disabled for unknown reason")
+  @Test
+  public void testValidCredentialsForMultipleUsers() throws Exception {
+    doTestValidCredentials(true);
+  }
+}
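Review bot: `testValidCredentialsForMultipleUsers` is carried over with `@Ignore("Disabled for unknown reason")`, which leaves the multi-user valid-credentials path without a running test and gives the next maintainer nothing to act on. The same annotation text is on `testCredentialsWithFailoverForMultipleUsers` and `testCredentialsForNotificationsForMultipleUsers` in ClientAuthenticationPart2DUnitTest. A skipped authentication test should name a tracking issue, the way the flaky test just above cites GEODE-838, e.g. `@Ignore("<TICKET-ID placeholder>: multi-user valid credentials, cause not yet identified")`.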

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationPart2DUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationPart2DUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationPart2DUnitTest.java
new file mode 100644
index 0000000..24fcc3f
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationPart2DUnitTest.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+/**
+ * this class contains test methods that used to be in its superclass but
+ * that test started taking too long and caused dunit runs to hang
+ */
+@Category({ DistributedTest.class, SecurityTest.class })
+public class ClientAuthenticationPart2DUnitTest extends ClientAuthenticationTestCase {
+
+  @Test
+  public void testNoCredentialsForMultipleUsers() throws Exception {
+    doTestNoCredentials(true);
+  }
+
+  @Test
+  public void testInvalidCredentialsForMultipleUsers() throws Exception {
+    doTestInvalidCredentials(true);
+  }
+
+  @Test
+  public void testInvalidAuthInitForMultipleUsers() throws Exception {
+    doTestInvalidAuthInit(true);
+  }
+
+  @Test
+  public void testNoAuthInitWithCredentialsForMultipleUsers() throws Exception {
+    doTestNoAuthInitWithCredentials(true);
+  }
+
+  @Test
+  public void testInvalidAuthenitcatorForMultipleUsers() throws Exception {
+    doTestInvalidAuthenticator(true);
+  }
+
+  @Test
+  public void testNoAuthenticatorWithCredentialsForMultipleUsers() throws Exception {
+    doTestNoAuthenticatorWithCredentials(true);
+  }
+
+  @Ignore("Disabled for unknown reason")
+  @Test
+  public void testCredentialsWithFailoverForMultipleUsers() throws Exception {
+    doTestCredentialsWithFailover(true);
+  }
+
+  @Ignore("Disabled for unknown reason")
+  @Test
+  public void testCredentialsForNotificationsForMultipleUsers() throws Exception {
+    doTestCredentialsForNotifications(true);
+  }
+}
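Review bot: `testInvalidAuthenitcatorForMultipleUsers` misspells "Authenticator", so a name-based test filter or search for the authenticator cases will miss it; rename it to `testInvalidAuthenticatorForMultipleUsers`. It also calls `doTestInvalidAuthenticator(true)`, and the Javadoc on that helper in ClientAuthenticationTestCase says `multiUser` is unused. As written this test therefore repeats `testInvalidAuthenticator` and only appears to cover the multi-user case. Either make the helper honour the flag or drop this variant, with a comment such as `// multiUser has no effect on server start-up with an invalid authenticator`.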

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestCase.java b/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestCase.java
new file mode 100644
index 0000000..7e6d022
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestCase.java
@@ -0,0 +1,562 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.internal.AvailablePort.*;
+import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.createCacheClient;
+import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.createCacheServer;
+import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.*;
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static com.gemstone.gemfire.security.SecurityTestUtils.createCacheClient;
+import static com.gemstone.gemfire.test.dunit.IgnoredException.*;
+import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
+import static com.gemstone.gemfire.test.dunit.Wait.*;
+
+import java.io.IOException;
+import java.util.Properties;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLHandshakeException;
+
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
+
+public abstract class ClientAuthenticationTestCase extends JUnit4DistributedTestCase {
+
+  private VM server1 = null;
+  private VM server2 = null;
+  private VM client1 = null;
+  private VM client2 = null;
+
+  private static final String[] serverIgnoredExceptions = {
+      AuthenticationRequiredException.class.getName(),
+      AuthenticationFailedException.class.getName(),
+      GemFireSecurityException.class.getName(),
+      ClassNotFoundException.class.getName(),
+      IOException.class.getName(),
+      SSLException.class.getName(),
+      SSLHandshakeException.class.getName()
+  };
+
+  private static final String[] clientIgnoredExceptions = {
+      AuthenticationRequiredException.class.getName(),
+      AuthenticationFailedException.class.getName(),
+      SSLHandshakeException.class.getName()
+  };
+
+  @Override
+  public final void postSetUp() throws Exception {
+    final Host host = Host.getHost(0);
+    server1 = host.getVM(0);
+    server2 = host.getVM(1);
+    client1 = host.getVM(2);
+    client2 = host.getVM(3);
+
+    addIgnoredException("Connection refused: connect");
+
+    server1.invoke(() -> registerExpectedExceptions(serverIgnoredExceptions));
+    server2.invoke(() -> registerExpectedExceptions(serverIgnoredExceptions));
+    client1.invoke(() -> registerExpectedExceptions(clientIgnoredExceptions));
+    client2.invoke(() -> registerExpectedExceptions(clientIgnoredExceptions));
+  }
+
+  protected void doTestValidCredentials(final boolean multiUser) throws Exception {
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    Properties extraProps = gen.getSystemProperties();
+    Properties javaProps = gen.getJavaProperties();
+    String authenticator = gen.getAuthenticator();
+    String authInit = gen.getAuthInit();
+
+    getLogWriter().info("testValidCredentials: Using scheme: " + gen.classCode());
+    getLogWriter().info("testValidCredentials: Using authenticator: " + authenticator);
+    getLogWriter().info("testValidCredentials: Using authinit: " + authInit);
+
+    // Start the servers
+    int locPort1 = getLocatorPort();
+    int locPort2 = getLocatorPort();
+    String locString = getAndClearLocatorString();
+
+    int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
+    int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
+
+    // Start the clients with valid credentials
+    Properties credentials1 = gen.getValidCredentials(1);
+    Properties javaProps1 = gen.getJavaProperties();
+
+    getLogWriter().info("testValidCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
+
+    Properties credentials2 = gen.getValidCredentials(2);
+    Properties javaProps2 = gen.getJavaProperties();
+
+    getLogWriter().info("testValidCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
+
+    createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2);
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doPuts(2));
+
+    // Verify that the puts succeeded
+    client2.invoke(() -> doGets(2));
+
+    if (multiUser) {
+      client1.invoke(() -> doProxyCacheClose());
+      client2.invoke(() -> doProxyCacheClose());
+      client1.invoke(() -> doSimplePut("CacheClosedException"));
+      client2.invoke(() -> doSimpleGet("CacheClosedException"));
+    }
+  }
+
+  protected void doTestNoCredentials(final boolean multiUser) throws Exception {
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    Properties extraProps = gen.getSystemProperties();
+    Properties javaProps = gen.getJavaProperties();
+    String authenticator = gen.getAuthenticator();
+    String authInit = gen.getAuthInit();
+
+    getLogWriter().info("testNoCredentials: Using scheme: " + gen.classCode());
+    getLogWriter().info("testNoCredentials: Using authenticator: " + authenticator);
+    getLogWriter().info("testNoCredentials: Using authinit: " + authInit);
+
+    // Start the servers
+    int locPort1 = getLocatorPort();
+    int locPort2 = getLocatorPort();
+    String locString = getAndClearLocatorString();
+
+    int port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString);
+    int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
+
+    // Start first client with valid credentials
+    Properties credentials1 = gen.getValidCredentials(1);
+    Properties javaProps1 = gen.getJavaProperties();
+
+    getLogWriter().info("testNoCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
+
+    createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doPuts(2));
+
+    // Trying to create the region on client2
+    if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
+      // For SSL the exception may not come since the server can close socket
+      // before handshake message is sent from client. However exception
+      // should come in any region operations.
+      client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, NO_EXCEPTION));
+      client2.invoke(() -> doPuts(2, OTHER_EXCEPTION));
+
+    } else {
+      client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
+    }
+  }
+
+  protected void doTestInvalidCredentials(final boolean multiUser) throws Exception {
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    Properties extraProps = gen.getSystemProperties();
+    Properties javaProps = gen.getJavaProperties();
+    String authenticator = gen.getAuthenticator();
+    String authInit = gen.getAuthInit();
+
+    getLogWriter().info("testInvalidCredentials: Using scheme: " + gen.classCode());
+    getLogWriter().info("testInvalidCredentials: Using authenticator: " + authenticator);
+    getLogWriter().info("testInvalidCredentials: Using authinit: " + authInit);
+
+    // Start the servers
+    int locPort1 = getLocatorPort();
+    int locPort2 = getLocatorPort();
+    String locString = getAndClearLocatorString();
+
+    int port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString);
+    int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
+
+    // Start first client with valid credentials
+    Properties credentials1 = gen.getValidCredentials(1);
+    Properties javaProps1 = gen.getJavaProperties();
+    getLogWriter().info("testInvalidCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
+
+    createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doPuts(2));
+
+    // Start second client with invalid credentials
+    // Trying to create the region on client2 should throw a security
+    // exception
+    Properties credentials2 = gen.getInvalidCredentials(1);
+    Properties javaProps2 = gen.getJavaProperties();
+    getLogWriter().info("testInvalidCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
+
+    client2.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, 0, multiUser, AUTHFAIL_EXCEPTION));
+  }
+
+  protected void doTestInvalidAuthInit(final boolean multiUser) throws Exception {
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    Properties extraProps = gen.getSystemProperties();
+    final Properties javaProps = gen.getJavaProperties();
+    String authenticator = gen.getAuthenticator();
+
+    getLogWriter().info("testInvalidAuthInit: Using scheme: " + gen.classCode());
+    getLogWriter().info("testInvalidAuthInit: Using authenticator: " + authenticator);
+
+    // Start the server
+    int locPort1 = getLocatorPort();
+    String locString = getAndClearLocatorString();
+
+    int port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString);
+    Properties credentials = gen.getValidCredentials(1);
+    getLogWriter().info("testInvalidAuthInit: For first client credentials: " + credentials + " : " + javaProps);
+
+    client1.invoke(() -> createCacheClient("com.gemstone.none", credentials, javaProps, new int[] { port1 }, 0, false, multiUser, true, SECURITY_EXCEPTION));
+  }
+
+  protected void doTestNoAuthInitWithCredentials(final boolean multiUser) throws Exception {
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    Properties extraProps = gen.getSystemProperties();
+    Properties javaProps = gen.getJavaProperties();
+    String authenticator = gen.getAuthenticator();
+
+    getLogWriter().info("testNoAuthInitWithCredentials: Using scheme: " + gen.classCode());
+    getLogWriter().info("testNoAuthInitWithCredentials: Using authenticator: " + authenticator);
+
+    // Start the servers
+    int locPort1 = getLocatorPort();
+    int locPort2 = getLocatorPort();
+    String locString = getAndClearLocatorString();
+
+    int port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString);
+    int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
+
+    // Start the clients with valid credentials
+    Properties credentials1 = gen.getValidCredentials(1);
+    Properties javaProps1 = gen.getJavaProperties();
+    getLogWriter().info("testNoAuthInitWithCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
+
+    Properties credentials2 = gen.getValidCredentials(2);
+    Properties javaProps2 = gen.getJavaProperties();
+    getLogWriter().info("testNoAuthInitWithCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
+
+    client1.invoke(() -> createCacheClient(null, credentials1, javaProps1, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
+    client2.invoke(() -> createCacheClient(null, credentials2, javaProps2, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
+    client2.invoke(() -> closeCache());
+
+    // Now also try with invalid credentials
+    Properties credentials3 = gen.getInvalidCredentials(5);
+    Properties javaProps3 = gen.getJavaProperties();
+
+    client2.invoke(() -> createCacheClient(null, credentials3, javaProps3, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
+  }
+
+  /**
+   * NOTE: "final boolean multiUser" is unused
+   */
+  protected void doTestInvalidAuthenticator(final boolean multiUser) throws Exception {
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    Properties extraProps = gen.getSystemProperties();
+    Properties javaProps = gen.getJavaProperties();
+    String authInit = gen.getAuthInit();
+
+    getLogWriter().info("testInvalidAuthenticator: Using scheme: " + gen.classCode());
+    getLogWriter().info("testInvalidAuthenticator: Using authinit: " + authInit);
+
+    // Start the server with invalid authenticator
+    int locPort1 = getLocatorPort();
+    String locString = getAndClearLocatorString();
+
+    server1.invoke(() -> createCacheServer(locPort1, locString, "com.gemstone.gemfire.none", extraProps, javaProps, AUTHREQ_EXCEPTION));
+  }
+
+  protected void doTestNoAuthenticatorWithCredentials(final boolean multiUser) throws Exception {
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    Properties extraProps = gen.getSystemProperties();
+    Properties javaProps = gen.getJavaProperties();
+    String authenticator = gen.getAuthenticator();
+    String authInit = gen.getAuthInit();
+
+    getLogWriter().info("testNoAuthenticatorWithCredentials: Using scheme: " + gen.classCode());
+    getLogWriter().info("testNoAuthenticatorWithCredentials: Using authinit: " + authInit);
+
+    // Start the servers with no authenticator
+    int locPort1 = getLocatorPort();
+    int locPort2 = getLocatorPort();
+    String locString = getAndClearLocatorString();
+
+    int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, null, extraProps, javaProps));
+    int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, null, extraProps, javaProps));
+
+    // Clients should connect successfully and work properly with
+    // valid/invalid credentials when none are required on the server side
+    Properties credentials1 = gen.getValidCredentials(3);
+    Properties javaProps1 = gen.getJavaProperties();
+    getLogWriter().info("testNoAuthenticatorWithCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
+
+    Properties credentials2 = gen.getInvalidCredentials(5);
+    Properties javaProps2 = gen.getJavaProperties();
+    getLogWriter().info("testNoAuthenticatorWithCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
+
+    createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2);
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doPuts(2));
+
+    // Verify that the puts succeeded
+    client2.invoke(() -> doGets(2));
+  }
+
+  protected void doTestCredentialsWithFailover(final boolean multiUser) throws Exception {
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    Properties extraProps = gen.getSystemProperties();
+    Properties javaProps = gen.getJavaProperties();
+    String authenticator = gen.getAuthenticator();
+    String authInit = gen.getAuthInit();
+
+    getLogWriter().info("testCredentialsWithFailover: Using scheme: " + gen.classCode());
+    getLogWriter().info("testCredentialsWithFailover: Using authenticator: " + authenticator);
+    getLogWriter().info("testCredentialsWithFailover: Using authinit: " + authInit);
+
+    // Start the first server
+    int locPort1 = getLocatorPort();
+    int locPort2 = getLocatorPort();
+    String locString = getAndClearLocatorString();
+
+    int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
+
+    // Get a port for second server but do not start it
+    // This forces the clients to connect to the first server
+    int port2 = getRandomAvailablePort(SOCKET);
+
+    // Start the clients with valid credentials
+    Properties credentials1 = gen.getValidCredentials(5);
+    Properties javaProps1 = gen.getJavaProperties();
+    getLogWriter().info("testCredentialsWithFailover: For first client credentials: " + credentials1 + " : " + javaProps1);
+
+    Properties credentials2 = gen.getValidCredentials(6);
+    Properties javaProps2 = gen.getJavaProperties();
+    getLogWriter().info("testCredentialsWithFailover: For second client credentials: " + credentials2 + " : " + javaProps2);
+
+    createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2);
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doPuts(2));
+    // Verify that the puts succeeded
+    client2.invoke(() -> doGets(2));
+
+    // start the second one and stop the first server to force a failover
+    server2.invoke(() -> createCacheServer(locPort2, locString, port2, authenticator, extraProps, javaProps));
+    server1.invoke(() -> closeCache());
+
+    // Perform some create/update operations from client1
+    client1.invoke(() -> doNPuts(4));
+    // Verify that the creates/updates succeeded
+    client2.invoke(() -> doNGets(4));
+
+    // Try to connect client2 with no credentials
+    // Verify that the creation of region throws security exception
+    if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
+      // For SSL the exception may not come since the server can close socket
+      // before handshake message is sent from client. However exception
+      // should come in any region operations.
+      client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, NOFORCE_AUTHREQ_EXCEPTION));
+      client2.invoke(() -> doPuts(2, OTHER_EXCEPTION));
+
+    } else {
+      client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
+    }
+
+    // Now try to connect client1 with invalid credentials
+    // Verify that the creation of region throws security exception
+    Properties credentials3 = gen.getInvalidCredentials(7);
+    Properties javaProps3 = gen.getJavaProperties();
+    getLogWriter().info("testCredentialsWithFailover: For first client invalid credentials: " + credentials3 + " : " + javaProps3);
+
+    client1.invoke(() -> createCacheClient(authInit, credentials3, javaProps3, port1, port2, 0, multiUser, AUTHFAIL_EXCEPTION));
+
+    if (multiUser) {
+      client1.invoke(() -> doProxyCacheClose());
+      client2.invoke(() -> doProxyCacheClose());
+      client1.invoke(() -> doSimplePut("CacheClosedException"));
+      client2.invoke(() -> doSimpleGet("CacheClosedException"));
+    }
+  }
+
+  protected void doTestCredentialsForNotifications(final boolean multiUser) throws Exception {
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    Properties extraProps = gen.getSystemProperties();
+    Properties javaProps = gen.getJavaProperties();
+    String authenticator = gen.getAuthenticator();
+    String authInit = gen.getAuthInit();
+
+    getLogWriter().info("testCredentialsForNotifications: Using scheme: " + gen.classCode());
+    getLogWriter().info("testCredentialsForNotifications: Using authenticator: " + authenticator);
+    getLogWriter().info("testCredentialsForNotifications: Using authinit: " + authInit);
+
+    // Start the first server
+    int locPort1 = getLocatorPort();
+    int locPort2 = getLocatorPort();
+    String locString = getAndClearLocatorString();
+
+    int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
+
+    // Get a port for second server but do not start it
+    // This forces the clients to connect to the first server
+    int port2 = getRandomAvailablePort(SOCKET);
+
+    // Start the clients with valid credentials
+    Properties credentials1 = gen.getValidCredentials(3);
+    Properties javaProps1 = gen.getJavaProperties();
+    getLogWriter().info("testCredentialsForNotifications: For first client credentials: " + credentials1 + " : " + javaProps1);
+
+    Properties credentials2 = gen.getValidCredentials(4);
+    Properties javaProps2 = gen.getJavaProperties();
+    getLogWriter().info("testCredentialsForNotifications: For second client credentials: " + credentials2 + " : " + javaProps2);
+
+    createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
+
+    // Set up zero forward connections to check notification handshake only
+    int zeroConns = 0;
+    createClient2NoException(multiUser, authInit, port1, port2, credentials2, javaProps2, zeroConns);
+
+    // Register interest on all keys on second client
+    client2.invoke(() -> registerAllInterest());
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doPuts(2));
+
+    // Verify that the puts succeeded
+    client2.invoke(() -> doLocalGets(2));
+
+    // start the second one and stop the first server to force a failover
+    server2.invoke(() -> createCacheServer(locPort2, locString, port2, authenticator, extraProps, javaProps));
+    server1.invoke(() -> closeCache());
+
+    // Wait for failover to complete
+    pause(500);
+
+    // Perform some create/update operations from client1
+    client1.invoke(() -> doNPuts(4));
+    // Verify that the creates/updates succeeded
+    client2.invoke(() -> doNLocalGets(4));
+
+    // Try to connect client1 with no credentials
+    // Verify that the creation of region throws security exception
+    final int p = server1.invoke(() -> createCacheServer(locPort1, locString, 0, authenticator, extraProps, javaProps));
+    if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
+      // For SSL the exception may not come since the server can close socket
+      // before handshake message is sent from client. However exception
+      // should come in any region operations.
+      client1.invoke(() -> createCacheClient(null, null, null, p, port2, zeroConns, multiUser, NOFORCE_AUTHREQ_EXCEPTION));
+      client1.invoke(() -> doPuts(2, OTHER_EXCEPTION));
+
+    } else {
+      client1.invoke(() -> createCacheClient(null, null, null, p, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION));
+    }
+
+    // Now try to connect client2 with invalid credentials
+    // Verify that the creation of region throws security exception
+    credentials2 = gen.getInvalidCredentials(3);
+    javaProps2 = gen.getJavaProperties();
+    getLogWriter().info("testCredentialsForNotifications: For second client invalid credentials: " + credentials2 + " : " + javaProps2);
+
+    createClient2WithException(multiUser, authInit, p, port2, credentials2, javaProps2, zeroConns);
+
+    // Now try to connect client2 with invalid auth-init method
+    // Trying to create the region on client with valid credentials should
+    // throw a security exception
+    client2.invoke(() -> createCacheClient("com.gemstone.none", credentials1, javaProps1, p, port2, zeroConns, multiUser, SECURITY_EXCEPTION));
+
+    // Try connection with null auth-init on clients.
+    // Skip this test for a scheme which does not have an authInit in the
+    // first place (e.g. SSL).
+    if (authInit != null && authInit.length() > 0) {
+      final int p1 = server1.invoke(() -> createCacheServer(locPort1, locString, 0, authenticator, extraProps, javaProps));
+      final int p2 = server2.invoke(() -> createCacheServer(locPort2, locString, 0, authenticator, extraProps, javaProps));
+      client1.invoke(() -> createCacheClient(null, credentials1, javaProps1, p1, p2, 0, multiUser, AUTHREQ_EXCEPTION));
+
+      createClient2AuthReqException(multiUser, p1, p2, credentials2, javaProps2, zeroConns);
+      createClient2AuthReqException(multiUser, p1, p2, credentials2, javaProps2, zeroConns);
+
+    } else {
+      getLogWriter().info("testCredentialsForNotifications: Skipping null authInit for scheme [" + gen.classCode() + "] which has no authInit");
+    }
+
+    // Try connection with null authenticator on server and sending
+    // valid/invalid credentials.
+    // If the scheme does not have an authenticator in the first place (e.g.
+    // SSL) then skip it since this test is useless.
+    if (authenticator != null && authenticator.length() > 0) {
+      final int p1 = server1.invoke(() -> createCacheServer(locPort1, locString, 0, null, extraProps, javaProps));
+      final int p2 = server2.invoke(() -> createCacheServer(locPort2, locString, 0, null, extraProps, javaProps));
+
+      createClient1NoException(multiUser, authInit, p1, p2, credentials1, javaProps1);
+      createClient2NoException(multiUser, authInit, p1, p2, credentials2, javaProps2, zeroConns);
+
+      // Register interest on all keys on second client
+      client2.invoke(() -> registerAllInterest());
+
+      // Perform some put operations from client1
+      client1.invoke(() -> doPuts(4));
+
+      // Verify that the puts succeeded
+      client2.invoke(() -> doLocalGets(4));
+
+      // Now also try with valid credentials on client2
+      createClient1NoException(multiUser, authInit, p1, p2, credentials2, javaProps2);
+      createClient2NoException(multiUser, authInit, p1, p2, credentials1, javaProps1, zeroConns);
+
+      // Register interest on all keys on second client
+      client2.invoke(() -> registerAllInterest());
+
+      // Perform some put operations from client1
+      client1.invoke(() -> doNPuts(4));
+
+      // Verify that the puts succeeded
+      client2.invoke(() -> doNLocalGets(4));
+
+    } else {
+      getLogWriter().info("testCredentialsForNotifications: Skipping scheme [" + gen.classCode() + "] which has no authenticator");
+    }
+  }
+
+  private int createServer1(final Properties extraProps, final Properties javaProps, final String authenticator, final int locPort1, final String locString) {
+    return server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
+  }
+
+  private void createClient1NoException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials2, final Properties javaProps2) {
+    client1.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, 0, multiUser, NO_EXCEPTION));
+  }
+
+  private void createClient2AuthReqException(final boolean multiUser, final int port1, final int port2, final Properties credentials2, final Properties javaProps2, final int zeroConns) {
+    client2.invoke(() -> createCacheClient(null, credentials2, javaProps2, port1, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION));
+  }
+
+  private void createClient1WithException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials2, final Properties javaProps2, final int zeroConns) {
+    client1.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, zeroConns, multiUser, AUTHFAIL_EXCEPTION));
+  }
+
+  private void createClient2WithException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials2, final Properties javaProps2, final int zeroConns) {
+    client2.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, zeroConns, multiUser, AUTHFAIL_EXCEPTION));
+  }
+
+  private void createClient2NoException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials2, final Properties javaProps2, final int zeroConns) {
+    client2.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, zeroConns, multiUser, NO_EXCEPTION));
+  }
+
+  private void createClientsNoException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials1, final Properties javaProps1, final Properties credentials2, final Properties javaProps2) {
+    createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
+    client2.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, 0, multiUser, NO_EXCEPTION));
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestUtils.java b/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestUtils.java
new file mode 100644
index 0000000..3073705
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestUtils.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static org.junit.Assert.*;
+
+import java.util.Properties;
+
+import com.gemstone.gemfire.cache.Region;
+
+/**
+ * Extracted from ClientAuthenticationDUnitTest
+ */
+public abstract class ClientAuthenticationTestUtils {
+
+  protected ClientAuthenticationTestUtils() {
+  }
+
+  protected static Integer createCacheServer(final int locatorPort, final String locatorString, final String authenticator, final Properties extraProps, final Properties javaProps) {
+    return createCacheServer(locatorPort, locatorString, 0, authenticator, extraProps, javaProps, NO_EXCEPTION);
+  }
+
+  protected static Integer createCacheServer(final int locatorPort, final String locatorString, final int serverPort, final String authenticator, final Properties extraProps, final Properties javaProps) {
+    return createCacheServer(locatorPort, locatorString, serverPort, authenticator, extraProps, javaProps, NO_EXCEPTION);
+  }
+  protected static Integer createCacheServer(final int locatorPort, final String locatorString, final String authenticator, final Properties extraProps, final Properties javaProps, final int expectedResult) {
+
+    return createCacheServer(locatorPort, locatorString, 0, authenticator, extraProps, javaProps, expectedResult);
+  }
+
+  protected static Integer createCacheServer(final int locatorPort, final String locatorString, final int serverPort, final String authenticator, final Properties extraProps, final Properties javaProps, int expectedResult) {
+    Properties authProps;
+    if (extraProps == null) {
+      authProps = new Properties();
+    } else {
+      authProps = extraProps;
+    }
+
+    if (authenticator != null) {
+      authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR, authenticator);
+    }
+    return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, locatorString, serverPort, expectedResult);
+  }
+
+  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean multiUserMode, final boolean subscriptionEnabled, final int expectedResult) {
+    SecurityTestUtils.createCacheClient(authInit, authProps, javaProps, ports, numConnections, false, multiUserMode, subscriptionEnabled, expectedResult);
+  }
+
+  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean multiUserMode, final int expectedResult) {
+    createCacheClient(authInit, authProps, javaProps, ports, numConnections, multiUserMode, true, expectedResult);
+  }
+
+  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int port1, final int numConnections, final int expectedResult) {
+    createCacheClient(authInit, authProps, javaProps, new int[] { port1 }, numConnections, false, true, expectedResult);
+  }
+
+  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int port1, final int port2, final int numConnections, final int expectedResult) {
+    createCacheClient(authInit, authProps, javaProps, port1, port2, numConnections, false, expectedResult);
+  }
+
+  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int port1, final int port2, final int numConnections, final boolean multiUserMode, final int expectedResult) {
+    createCacheClient(authInit, authProps, javaProps, port1, port2, numConnections, multiUserMode, true, expectedResult);
+  }
+
+  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int port1, final int port2, final int numConnections, final boolean multiUserMode, final boolean subscriptionEnabled, final int expectedResult) {
+    createCacheClient(authInit, authProps, javaProps, new int[] { port1, port2 }, numConnections, multiUserMode, subscriptionEnabled, expectedResult);
+  }
+
+  protected static void registerAllInterest() {
+    Region region = getCache().getRegion(REGION_NAME);
+    assertNotNull(region);
+    region.registerInterestRegex(".*");
+  }
+}
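Review bot: The seven-argument `createCacheServer` writes `SECURITY_CLIENT_AUTHENTICATOR` into the caller's `extraProps`, because `authProps = extraProps` aliases the object instead of copying it. A caller that reuses one `Properties` instance and later passes a null authenticator, as the no-authenticator branch of `doTestCredentialsForNotifications` does, would still carry the earlier authenticator. That happens unless the arguments are copied on the way to the remote VM, which this hunk does not show. The negative case would then silently run with authentication enabled. Copy defensively instead: `Properties authProps = new Properties();` followed by `if (extraProps != null) authProps.putAll(extraProps);`.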


[04/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessorDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessorDUnitTest.java
new file mode 100644
index 0000000..1e87952
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessorDUnitTest.java
@@ -0,0 +1,233 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import static org.junit.Assert.*;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.concurrent.TimeUnit;
+
+import com.jayway.awaitility.Awaitility;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import com.gemstone.gemfire.cache.EntryEvent;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.cache.query.SelectResults;
+import com.gemstone.gemfire.cache.util.CacheListenerAdapter;
+import com.gemstone.gemfire.internal.AvailablePortHelper;
+import com.gemstone.gemfire.internal.cache.EntryEventImpl;
+import com.gemstone.gemfire.internal.security.SecurityService;
+import com.gemstone.gemfire.management.cli.Result.Status;
+import com.gemstone.gemfire.management.internal.cli.CliUtil;
+import com.gemstone.gemfire.management.internal.cli.HeadlessGfsh;
+import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
+import com.gemstone.gemfire.management.internal.cli.result.CommandResult;
+import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.pdx.SimpleClass;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import com.gemstone.gemfire.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class PDXPostProcessorDUnitTest extends AbstractSecureServerDUnitTest {
+  private static byte[] BYTES = PDXPostProcessor.BYTES;
+
+  @Parameterized.Parameters
+  public static Collection<Object[]> parameters(){
+    Object[][] params = {{true}, {false}};
+    return Arrays.asList(params);
+  }
+
+  public PDXPostProcessorDUnitTest(boolean pdxPersistent){
+    this.postProcessor = PDXPostProcessor.class;
+    this.pdxPersistent = pdxPersistent;
+    this.jmxPort = AvailablePortHelper.getRandomAvailableTCPPort();
+    values = new HashMap();
+  }
+
+  @Test
+  public void testRegionGet(){
+    client2.invoke(()->{
+      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+      // put in a value that's a domain object
+      region.put("key1", new SimpleClass(1, (byte) 1));
+      // put in a byte value
+      region.put("key2", BYTES);
+    });
+
+    client1.invoke(()->{
+      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+
+      // post process for get the client domain object
+      Object value = region.get("key1");
+      assertTrue(value instanceof SimpleClass);
+
+      // post process for get the raw byte value
+      value = region.get("key2");
+      assertTrue(Arrays.equals(BYTES, (byte[])value));
+    });
+
+    // this makes sure PostProcessor is getting called
+    PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
+    assertEquals(pp.getCount(), 2);
+  }
+
+  @Test
+  public void testQuery(){
+    client2.invoke(()->{
+      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+      // put in a value that's a domain object
+      region.put("key1", new SimpleClass(1, (byte) 1));
+      region.put("key2", BYTES);
+    });
+
+    client1.invoke(()->{
+      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+
+      // post process for query
+      String query = "select * from /AuthRegion";
+      SelectResults result = region.query(query);
+
+      Iterator itr = result.iterator();
+      while (itr.hasNext()) {
+        Object obj = itr.next();
+        if(obj instanceof byte[]){
+          assertTrue(Arrays.equals(BYTES, (byte[])obj));
+        }
+        else{
+          assertTrue(obj instanceof SimpleClass);
+        }
+      }
+    });
+
+    // this makes sure PostProcessor is getting called
+    PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
+    assertEquals(pp.getCount(), 2);
+  }
+
+  @Test
+  public void testRegisterInterest(){
+    client1.invoke(()->{
+      ClientCache cache = new ClientCacheFactory(createClientProperties("super-user", "1234567"))
+        .setPoolSubscriptionEnabled(true)
+        .addPoolServer("localhost", serverPort)
+        .create();
+
+      ClientRegionFactory factory =  cache.createClientRegionFactory(ClientRegionShortcut.PROXY);
+      factory.addCacheListener(new CacheListenerAdapter() {
+        @Override
+        public void afterUpdate(EntryEvent event) {
+          Object key = event.getKey();
+          Object value = ((EntryEventImpl) event).getDeserializedValue();
+          if(key.equals("key1")) {
+            assertTrue(value instanceof SimpleClass);
+          }
+          else if(key.equals("key2")){
+            assertTrue(Arrays.equals(BYTES, (byte[])value));
+          }
+        }
+      });
+
+      Region region = factory.create(REGION_NAME);
+      region.put("key1", "value1");
+      region.registerInterest("key1");
+      region.registerInterest("key2");
+    });
+
+    client2.invoke(()->{
+      ClientCache cache = createClientCache("dataUser", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+      // put in a value that's a domain object
+      region.put("key1", new SimpleClass(1, (byte) 1));
+      region.put("key2", BYTES);
+    });
+
+    // wait for events to fire
+    Awaitility.await().atMost(1, TimeUnit.SECONDS);
+    PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
+    assertEquals(pp.getCount(), 2);
+  }
+
+  @Test
+  public void testGfshCommand(){
+    // have client2 input some domain data into the region
+    client2.invoke(()->{
+      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+      // put in a value that's a domain object
+      region.put("key1", new SimpleClass(1, (byte) 1));
+      // put in a byte value
+      region.put("key2", BYTES);
+    });
+
+    client1.invoke(()->{
+      CliUtil.isGfshVM = true;
+      String shellId = getClass().getSimpleName();
+      HeadlessGfsh gfsh = new HeadlessGfsh(shellId, 30, "gfsh_files");
+
+      // connect to the jmx server
+      final CommandStringBuilder connectCommand = new CommandStringBuilder(CliStrings.CONNECT);
+      connectCommand.addOption(CliStrings.CONNECT__USERNAME, "dataUser");
+      connectCommand.addOption(CliStrings.CONNECT__PASSWORD, "1234567");
+
+      String endpoint = "localhost[" + jmxPort + "]";
+      connectCommand.addOption(CliStrings.CONNECT__JMX_MANAGER, endpoint);
+
+      gfsh.executeCommand(connectCommand.toString());
+      CommandResult result = (CommandResult) gfsh.getResult();
+
+      // get command
+      gfsh.executeCommand("get --key=key1 --region=AuthRegion");
+      result = (CommandResult) gfsh.getResult();
+      assertEquals(result.getStatus(), Status.OK);
+      if(pdxPersistent)
+        assertTrue(result.getContent().toString().contains("com.gemstone.gemfire.pdx.internal.PdxInstanceImpl"));
+      else
+        assertTrue(result.getContent().toString().contains("SimpleClass"));
+
+      gfsh.executeCommand("get --key=key2 --region=AuthRegion");
+      result = (CommandResult)gfsh.getResult();
+      assertEquals(result.getStatus(), Status.OK);
+      assertTrue(result.getContent().toString().contains("byte[]"));
+
+      gfsh.executeCommand("query --query=\"select * from /AuthRegion\"");
+      result = (CommandResult)gfsh.getResult();
+      System.out.println("gfsh result: " + result);
+    });
+
+    PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
+    assertEquals(pp.getCount(), 4);
+  }
+
+}
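Review bot: In `testRegisterInterest`, `Awaitility.await().atMost(1, TimeUnit.SECONDS);` has no `until(...)` condition, so it returns immediately and the following `assertEquals(pp.getCount(), 2)` races against event delivery. Fetch `pp` before the wait and block on the condition: `Awaitility.await().atMost(1, TimeUnit.SECONDS).until(() -> pp.getCount() == 2);`. The `assertEquals` calls in this class also pass the actual value first, so a failure message would label expected and actual the wrong way round; `assertEquals(2, pp.getCount())` reads correctly.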

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/PostProcessorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/PostProcessorDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/PostProcessorDUnitTest.java
new file mode 100644
index 0000000..4a546e2
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/PostProcessorDUnitTest.java
@@ -0,0 +1,126 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static org.junit.Assert.*;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.geode.security.templates.SamplePostProcessor;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.EntryEvent;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.cache.client.Pool;
+import com.gemstone.gemfire.cache.client.PoolManager;
+import com.gemstone.gemfire.cache.query.SelectResults;
+import com.gemstone.gemfire.cache.util.CacheListenerAdapter;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class PostProcessorDUnitTest extends AbstractSecureServerDUnitTest {
+
+  public PostProcessorDUnitTest(){
+    this.postProcessor = SamplePostProcessor.class;
+  }
+
+  @Test
+  public void testPostProcessRegionGet(){
+    List<String> keys = new ArrayList<>();
+    keys.add("key1");
+    keys.add("key2");
+
+    client1.invoke(()->{
+      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+
+      // post process for get
+      Object value = region.get("key3");
+      assertEquals("super-user/AuthRegion/key3/value3", value);
+
+      // post processs for getAll
+      Map values = region.getAll(keys);
+      assertEquals(2, values.size());
+      assertEquals("super-user/AuthRegion/key1/value1", values.get("key1"));
+      assertEquals("super-user/AuthRegion/key2/value2", values.get("key2"));
+    });
+  }
+
+  @Test
+  public void testPostProcessQuery(){
+    client1.invoke(()->{
+      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+
+      // post process for query
+      String query = "select * from /AuthRegion";
+      SelectResults result = region.query(query);
+      assertEquals(5, result.size());
+
+      assertTrue(result.contains("super-user/null/null/value0"));
+      assertTrue(result.contains("super-user/null/null/value1"));
+      assertTrue(result.contains("super-user/null/null/value2"));
+      assertTrue(result.contains("super-user/null/null/value3"));
+      assertTrue(result.contains("super-user/null/null/value4"));
+
+      Pool pool = PoolManager.find(region);
+      result =  (SelectResults)pool.getQueryService().newQuery(query).execute();
+      assertTrue(result.contains("super-user/null/null/value0"));
+      assertTrue(result.contains("super-user/null/null/value1"));
+      assertTrue(result.contains("super-user/null/null/value2"));
+      assertTrue(result.contains("super-user/null/null/value3"));
+      assertTrue(result.contains("super-user/null/null/value4"));
+    });
+  }
+
+  @Test
+  public void testRegisterInterestPostProcess(){
+    client1.invoke(()->{
+      ClientCache cache = new ClientCacheFactory(createClientProperties("super-user", "1234567"))
+        .setPoolSubscriptionEnabled(true)
+        .addPoolServer("localhost", serverPort)
+        .create();
+
+      ClientRegionFactory factory =  cache.createClientRegionFactory(ClientRegionShortcut.PROXY);
+      factory.addCacheListener(new CacheListenerAdapter() {
+        @Override
+        public void afterUpdate(EntryEvent event) {
+          assertEquals("super-user/AuthRegion/key1/value2", event.getSerializedNewValue().getDeserializedValue());
+        }
+      });
+
+      Region region = factory.create(REGION_NAME);
+      region.put("key1", "value1");
+      region.registerInterest("key1");
+    });
+
+    client2.invoke(()->{
+      ClientCache cache = createClientCache("dataUser", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+      region.put("key1", "value2");
+    });
+  }
+
+}
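Review bot: `testRegisterInterestPostProcess` has no assertion that can fail the test, because its only check sits inside `afterUpdate` and nothing waits for or verifies that the callback ran. If the event is never delivered, or the post-processor is skipped on the subscription path, the test still passes. An `AssertionError` raised on the listener thread is presumably not propagated to the test thread either. Have the listener record the value in a static `AtomicReference<Object>`, e.g. `received.set(event.getSerializedNewValue().getDeserializedValue());`. Then add a final `client1.invoke(...)` after client2's put that waits for the reference and asserts it equals `"super-user/AuthRegion/key1/value2"`. `testRegisterInterest` in PDXPostProcessorDUnitTest uses the same in-listener assertion pattern.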

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtils.java b/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtils.java
new file mode 100644
index 0000000..3a469ec
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtils.java
@@ -0,0 +1,1930 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.cache30.ClientServerTestCase.*;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.internal.AvailablePort.*;
+import static com.gemstone.gemfire.test.dunit.Assert.*;
+import static com.gemstone.gemfire.test.dunit.DistributedTestUtils.*;
+import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
+import static com.gemstone.gemfire.test.dunit.NetworkUtils.*;
+import static com.gemstone.gemfire.test.dunit.Wait.*;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.Callable;
+
+import javax.net.ServerSocketFactory;
+import javax.net.SocketFactory;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLContextSpi;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
+import com.gemstone.gemfire.cache.AttributesFactory;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.cache.DataPolicy;
+import com.gemstone.gemfire.cache.DynamicRegionFactory;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.RegionAttributes;
+import com.gemstone.gemfire.cache.Scope;
+import com.gemstone.gemfire.cache.client.NoAvailableServersException;
+import com.gemstone.gemfire.cache.client.Pool;
+import com.gemstone.gemfire.cache.client.PoolFactory;
+import com.gemstone.gemfire.cache.client.PoolManager;
+import com.gemstone.gemfire.cache.client.ServerConnectivityException;
+import com.gemstone.gemfire.cache.client.ServerOperationException;
+import com.gemstone.gemfire.cache.client.ServerRefusedConnectionException;
+import com.gemstone.gemfire.cache.client.internal.PoolImpl;
+import com.gemstone.gemfire.cache.client.internal.ProxyCache;
+import com.gemstone.gemfire.cache.execute.Execution;
+import com.gemstone.gemfire.cache.execute.Function;
+import com.gemstone.gemfire.cache.execute.FunctionException;
+import com.gemstone.gemfire.cache.execute.FunctionService;
+import com.gemstone.gemfire.cache.query.Query;
+import com.gemstone.gemfire.cache.query.QueryInvocationTargetException;
+import com.gemstone.gemfire.cache.query.SelectResults;
+import com.gemstone.gemfire.cache.server.CacheServer;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.distributed.Locator;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.pdx.PdxReader;
+import com.gemstone.gemfire.pdx.PdxSerializable;
+import com.gemstone.gemfire.pdx.PdxWriter;
+import com.gemstone.gemfire.test.dunit.WaitCriterion;
+import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
+
+/**
+ * Contains utility methods for setting up servers/clients for authentication
+ * and authorization tests.
+ *
+ * @since GemFire 5.5
+ *
+ * @deprecated in favor of just writing a test without this class
+ */
+@Deprecated
+public final class SecurityTestUtils {
+
+  private final JUnit4DistributedTestCase distributedTestCase = new JUnit4DistributedTestCase() {};
+
+  protected static final int NO_EXCEPTION = 0;
+  protected static final int AUTHREQ_EXCEPTION = 1;
+  protected static final int AUTHFAIL_EXCEPTION = 2;
+  protected static final int CONNREFUSED_EXCEPTION = 3;
+  protected static final int NOTAUTHZ_EXCEPTION = 4;
+  protected static final int OTHER_EXCEPTION = 5;
+  protected static final int NO_AVAILABLE_SERVERS = 6;
+  protected static final int SECURITY_EXCEPTION = 7;
+  // Indicates that AuthReqException may not necessarily be thrown
+  protected static final int NOFORCE_AUTHREQ_EXCEPTION = 16;
+
+  protected static final String REGION_NAME = "AuthRegion";
+  protected static final String[] KEYS = { "key1", "key2", "key3", "key4", "key5", "key6", "key7", "key8" };
+  protected static final String[] VALUES = { "value1", "value2", "value3", "value4", "value5", "value6", "value7", "value8" };
+  protected static final String[] NVALUES = { "nvalue1", "nvalue2", "nvalue3", "nvalue4", "nvalue5", "nvalue6", "nvalue7", "nvalue8" };
+
+  private static final int NUMBER_OF_USERS = 1;
+
+  private static String[] ignoredExceptions = null;
+
+  private static Locator locator = null;
+  private static Cache cache = null;
+  private static Properties currentJavaProps = null;
+  private static String locatorString = null;
+
+  private static Pool pool = null;
+  private static boolean multiUserAuthMode = false;
+
+  private static ProxyCache[] proxyCaches = new ProxyCache[NUMBER_OF_USERS];
+
+  private static Region regionRef = null;
+
+  public SecurityTestUtils(String name) { // TODO: delete
+  }
+
+  /**
+   * @deprecated Please use {@link com.gemstone.gemfire.test.dunit.IgnoredException} instead
+   */
+  private static void addIgnoredExceptions(final String[] expectedExceptions) { // TODO: delete
+    if (expectedExceptions != null) {
+      for (int index = 0; index < expectedExceptions.length; index++) {
+        getLogWriter().info("<ExpectedException action=add>" + expectedExceptions[index] + "</ExpectedException>");
+      }
+    }
+  }
+
+  /**
+   * @deprecated Please use {@link com.gemstone.gemfire.test.dunit.IgnoredException} instead
+   */
+  private static void removeExpectedExceptions(final String[] expectedExceptions) { // TODO: delete
+    if (expectedExceptions != null) {
+      for (int index = 0; index < expectedExceptions.length; index++) {
+        getLogWriter().info("<ExpectedException action=remove>" + expectedExceptions[index] + "</ExpectedException>");
+      }
+    }
+  }
+
+  protected static void setJavaProps(final Properties javaProps) {
+    removeJavaProperties(currentJavaProps);
+    addJavaProperties(javaProps);
+    currentJavaProps = javaProps;
+  }
+
+  protected static ProxyCache getProxyCaches(final int index) {
+    return proxyCaches[index];
+  }
+
+  protected static void initDynamicRegionFactory() {
+    DynamicRegionFactory.get().open(new DynamicRegionFactory.Config(null, null, false, true));
+  }
+
+  protected static int getLocatorPort() {
+    int locatorPort = getRandomAvailablePort(SOCKET);
+    String addr = getIPLiteral();
+    if (locatorString == null) {
+      locatorString = addr + "[" + locatorPort + ']';
+    }
+    else {
+      locatorString += "," + addr + "[" + locatorPort + ']';
+    }
+    return locatorPort;
+  }
+
+  /**
+   * Note that this clears the string after returning for convenience in reusing
+   * for other tests. Hence it should normally be invoked only once for a test.
+   */
+  protected static String getAndClearLocatorString() {
+    String locString = locatorString;
+    locatorString = null;
+    return locString;
+  }
+
+  protected static Properties concatProperties(final Properties[] propsList) {
+    Properties props = new Properties();
+    for (int index = 0; index < propsList.length; ++index) {
+      if (propsList[index] != null) {
+        props.putAll(propsList[index]);
+      }
+    }
+    return props;
+  }
+
+  protected static void registerExpectedExceptions(final String[] expectedExceptions) { // TODO: delete
+    SecurityTestUtils.ignoredExceptions = expectedExceptions;
+  }
+
+  protected static int createCacheServer(String authenticatorFactoryMethodName){
+    Properties authProps = new Properties();
+    authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR, authenticatorFactoryMethodName);
+    return createCacheServer(authProps, null, 0, null, 0, false, NO_EXCEPTION);
+  }
+
+  protected static int createCacheServer(final Properties authProps,
+                                         final Properties javaProps,
+                                         final int locatorPort,
+                                         final String locatorString,
+                                         final int serverPort,
+                                         final int expectedResult)
+  {
+    return createCacheServer(authProps, javaProps, locatorPort, locatorString, serverPort, false, expectedResult);
+  }
+
+  protected static int createCacheServer(Properties authProps,
+                                         final Properties javaProps,
+                                         final int locatorPort,
+                                         final String locatorString,
+                                         final int serverPort,
+                                         final boolean setupDynamicRegionFactory,
+                                         final int expectedResult)
+  {
+    if (authProps == null) {
+      authProps = new Properties();
+    }
+    authProps.setProperty(MCAST_PORT, "0");
+    if (locatorString != null && locatorString.length() > 0) {
+      authProps.setProperty(LOCATORS, locatorString);
+      authProps.setProperty(START_LOCATOR, getIPLiteral() + "[" + locatorPort + ']');
+    }
+    else {
+      authProps.setProperty(LOCATORS, "localhost[" + getDUnitLocatorPort() + "]");
+    }
+    authProps.setProperty(SECURITY_LOG_LEVEL, "finest");
+
+    getLogWriter().info("Set the server properties to: " + authProps);
+    getLogWriter().info("Set the java properties to: " + javaProps);
+
+    SecurityTestUtils tmpInstance = new SecurityTestUtils("temp");
+    try {
+      tmpInstance.createSystem(authProps, javaProps);
+    }
+    catch (AuthenticationRequiredException ex) {
+      if (expectedResult == AUTHREQ_EXCEPTION) {
+        getLogWriter().info("Got expected exception when starting peer: " + ex);
+        return 0;
+      }
+      else {
+        fail("Got unexpected exception when starting peer", ex);
+      }
+
+    }
+    catch (AuthenticationFailedException ex) {
+      if (expectedResult == AUTHFAIL_EXCEPTION) {
+        getLogWriter().info("Got expected exception when starting peer: " + ex);
+        return 0;
+      }
+      else {
+        fail("Got unexpected exception when starting peer", ex);
+      }
+
+    }
+    catch (Exception ex) {
+      fail("Got unexpected exception when starting peer", ex);
+    }
+
+    if (setupDynamicRegionFactory) {
+      initDynamicRegionFactory();
+    }
+
+    tmpInstance.openCache();
+
+    AttributesFactory factory = new AttributesFactory();
+    factory.setScope(Scope.DISTRIBUTED_ACK);
+    factory.setDataPolicy(DataPolicy.REPLICATE);
+
+    RegionAttributes attrs = factory.create();
+
+    Region region = cache.createRegion(REGION_NAME, attrs);
+    int port = serverPort <= 0 ? 0 : serverPort;
+
+    CacheServer server1 = cache.addCacheServer();
+
+    server1.setPort(port);
+    server1.setNotifyBySubscription(true);
+    try {
+      server1.start();
+    }
+    catch (AuthenticationRequiredException ex) {
+      if (expectedResult == AUTHREQ_EXCEPTION) {
+        getLogWriter().info("Got expected exception when starting server: " + ex);
+        return 0;
+      }
+      else {
+        fail("Got unexpected exception when starting server", ex);
+      }
+    }
+    catch (Exception ex) {
+      fail("Got unexpected exception when starting server", ex);
+    }
+
+    return server1.getPort();
+  }
+
+  // 1
+  protected static void createCacheClient(final String authInitModule,
+                                          final Properties authProps,
+                                          final Properties javaProps,
+                                          final int[] ports,
+                                          final int numConnections,
+                                          final int expectedResult)
+  {
+    createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, false, expectedResult);
+  }
+
+  // 2 a
+  protected static void createCacheClient(final String authInitModule,
+                                          final Properties authProps,
+                                          final Properties javaProps,
+                                          final int[] ports,
+                                          final int numConnections,
+                                          final boolean multiUserMode,
+                                          final int expectedResult)
+  {
+    createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, false, multiUserMode, expectedResult);
+  }
+
+  // 3
+  protected static void createCacheClientWithDynamicRegion(final String authInitModule,
+                                                           final Properties authProps,
+                                                           final Properties javaProps,
+                                                           final int[] ports,
+                                                           final int numConnections,
+                                                           final boolean setupDynamicRegionFactory,
+                                                           final int expectedResult)
+  {
+     createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, setupDynamicRegionFactory, false, expectedResult);
+  }
+
+  // 4
+  protected static void createCacheClient(final String authInitModule,
+                                          final Properties authProps,
+                                          final Properties javaProps,
+                                          final int[] ports,
+                                          final int numConnections,
+                                          final boolean setupDynamicRegionFactory,
+                                          final boolean multiUserMode,
+                                          final int expectedResult)
+  {
+    createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, setupDynamicRegionFactory, multiUserMode, true, expectedResult);
+  }
+
+  // 5
+  protected static void createCacheClient(final String authInitModule,
+                                          Properties authProps,
+                                          final Properties javaProps,
+                                          int[] ports,
+                                          final int numConnections,
+                                          final boolean setupDynamicRegionFactory,
+                                          final boolean multiUserMode,
+                                          final boolean subscriptionEnabled,
+                                          final int expectedResult)
+  {
+    multiUserAuthMode = multiUserMode;
+
+    if (authProps == null) {
+      authProps = new Properties();
+    }
+    authProps.setProperty(MCAST_PORT, "0");
+    authProps.setProperty(LOCATORS, "");
+    authProps.setProperty(SECURITY_LOG_LEVEL, "finest");
+    // TODO (ashetkar) Add " && (!multiUserAuthMode)" below.
+    if (authInitModule != null) {
+      authProps.setProperty(SECURITY_CLIENT_AUTH_INIT, authInitModule);
+    }
+
+    SecurityTestUtils tmpInstance = new SecurityTestUtils("temp");
+    tmpInstance.createSystem(authProps, javaProps);
+
+    AttributesFactory factory = new AttributesFactory();
+
+    int[] portsI = new int[ports.length];
+    for (int z = 0; z < ports.length; z++) {
+      portsI[z] = ports[z];
+    }
+
+    try {
+      PoolFactory poolFactory = PoolManager.createFactory();
+      poolFactory.setRetryAttempts(200);
+
+      if (multiUserAuthMode) {
+        poolFactory.setMultiuserAuthentication(multiUserAuthMode);
+        // [sumedh] Why is this false here only to be overridden in ClientServerTestCase.configureConnectionPoolWithNameAndFactory below?
+        // Actually setting it to false causes MultiUserAPIDUnitTest to fail.
+        //poolFactory.setSubscriptionEnabled(false);
+      }
+
+      pool = configureConnectionPoolWithNameAndFactory(factory, getIPLiteral(), portsI, subscriptionEnabled, 0, numConnections, null, null, poolFactory);
+
+      if (setupDynamicRegionFactory) {
+        initClientDynamicRegionFactory(pool.getName());
+      }
+
+      tmpInstance.openCache();
+      try {
+        getLogWriter().info("multi-user mode " + multiUserAuthMode);
+        proxyCaches[0] = (ProxyCache) ((PoolImpl) pool).createAuthenticatedCacheView(authProps);
+        if (!multiUserAuthMode) {
+          fail("Expected a UnsupportedOperationException but got none in single-user mode");
+        }
+
+      }
+      catch (UnsupportedOperationException uoe) {
+        if (!multiUserAuthMode) {
+          getLogWriter().info("Got expected UnsupportedOperationException in single-user mode");
+        }
+        else {
+          fail("Got unexpected exception in multi-user mode ", uoe);
+        }
+      }
+
+      factory.setScope(Scope.LOCAL);
+      if (multiUserAuthMode) {
+        factory.setDataPolicy(DataPolicy.EMPTY);
+      }
+
+      RegionAttributes attrs = factory.create();
+
+      cache.createRegionFactory(attrs).create(REGION_NAME);
+
+//      if (expectedResult != NO_EXCEPTION && expectedResult != NOFORCE_AUTHREQ_EXCEPTION) {
+//        if (!multiUserAuthMode) {
+//          fail("Expected an exception when starting client");
+//        }
+//      }
+
+    }
+    catch (AuthenticationRequiredException ex) {
+      if (expectedResult == AUTHREQ_EXCEPTION || expectedResult == NOFORCE_AUTHREQ_EXCEPTION) {
+        getLogWriter().info("Got expected exception when starting client: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when starting client", ex);
+      }
+
+    }
+    catch (AuthenticationFailedException ex) {
+      if (expectedResult == AUTHFAIL_EXCEPTION) {
+        getLogWriter().info("Got expected exception when starting client: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when starting client", ex);
+      }
+
+    }
+    catch (ServerRefusedConnectionException ex) {
+      if (expectedResult == CONNREFUSED_EXCEPTION) {
+        getLogWriter().info("Got expected exception when starting client: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when starting client", ex);
+      }
+
+    }
+    catch (GemFireSecurityException ex){
+      if(expectedResult == SECURITY_EXCEPTION){
+        getLogWriter().info("Got expected exception when starting client: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when starting client", ex);
+      }
+    }
+    catch (Exception ex) {
+      fail("Got unexpected exception when starting client", ex);
+    }
+  }
+
+  protected static void createCacheClientForMultiUserMode(final int numOfUsers,
+                                                          final String authInitModule,
+                                                          final Properties[] authProps,
+                                                          final Properties javaProps,
+                                                          final int[] ports,
+                                                          final int numConnections,
+                                                          final boolean setupDynamicRegionFactory,
+                                                          final int expectedResult)
+  {
+    createCacheClientForMultiUserMode(numOfUsers, authInitModule, authProps, javaProps, ports, numConnections, setupDynamicRegionFactory, null, expectedResult);
+  }
+
+  protected static void createCacheClientForMultiUserMode(final int numOfUsers,
+                                                          final String authInitModule,
+                                                          final Properties[] authProps,
+                                                          final Properties javaProps,
+                                                          final int[] ports,
+                                                          final int numConnections,
+                                                          final boolean setupDynamicRegionFactory,
+                                                          final String durableClientId,
+                                                          final int expectedResult)
+  {
+    if (numOfUsers < 1) {
+      fail("Number of users cannot be less than one");
+    }
+
+    multiUserAuthMode = true;
+
+    if (numOfUsers != authProps.length) {
+      fail("Number of authProps provided does not match with numOfUsers specified, " + authProps.length);
+    }
+
+    if (authProps[0] == null) {
+      authProps[0] = new Properties();
+    }
+    authProps[0].setProperty(MCAST_PORT, "0");
+    authProps[0].setProperty(LOCATORS, "");
+    authProps[0].setProperty(SECURITY_LOG_LEVEL, "finest");
+
+    Properties props = new Properties();
+
+    if (authInitModule != null) {
+      authProps[0].setProperty(SECURITY_CLIENT_AUTH_INIT, authInitModule);
+      props.setProperty(SECURITY_CLIENT_AUTH_INIT, authInitModule);
+    }
+
+    if (durableClientId != null) {
+      props.setProperty(DURABLE_CLIENT_ID, durableClientId);
+      props.setProperty(DURABLE_CLIENT_TIMEOUT, String.valueOf(DistributionConfig.DEFAULT_DURABLE_CLIENT_TIMEOUT));
+    }
+
+    SecurityTestUtils tmpInstance = new SecurityTestUtils("temp");
+    tmpInstance.createSystem(props, javaProps);
+
+    AttributesFactory factory = new AttributesFactory();
+
+    int[] portsI = new int[ports.length];
+    for (int z = 0; z < ports.length; z++) {
+      portsI[z] = ports[z];
+    }
+
+    try {
+      tmpInstance.openCache();
+
+      PoolFactory poolFactory = PoolManager.createFactory();
+      poolFactory.setRetryAttempts(200);
+      poolFactory.setMultiuserAuthentication(multiUserAuthMode);
+      poolFactory.setSubscriptionEnabled(true);
+
+      pool = configureConnectionPoolWithNameAndFactory(factory, getIPLiteral(), portsI, true, 1, numConnections, null, null, poolFactory);
+
+      if (setupDynamicRegionFactory) {
+        initClientDynamicRegionFactory(pool.getName());
+      }
+
+      proxyCaches = new ProxyCache[numOfUsers];
+      for (int i = 0; i < numOfUsers; i++) {
+        proxyCaches[i] = (ProxyCache) ((PoolImpl) pool).createAuthenticatedCacheView(authProps[i]);
+      }
+
+      factory.setScope(Scope.LOCAL);
+      factory.setDataPolicy(DataPolicy.EMPTY);
+      RegionAttributes attrs = factory.create();
+
+      cache.createRegion(REGION_NAME, attrs);
+
+      if (expectedResult != NO_EXCEPTION && expectedResult != NOFORCE_AUTHREQ_EXCEPTION) {
+        if (!multiUserAuthMode) {
+          fail("Expected an exception when starting client");
+        }
+      }
+
+    }
+    catch (AuthenticationRequiredException ex) {
+      if (expectedResult == AUTHREQ_EXCEPTION || expectedResult == NOFORCE_AUTHREQ_EXCEPTION) {
+        getLogWriter().info("Got expected exception when starting client: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when starting client", ex);
+      }
+
+    }
+    catch (AuthenticationFailedException ex) {
+      if (expectedResult == AUTHFAIL_EXCEPTION) {
+        getLogWriter().info("Got expected exception when starting client: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when starting client", ex);
+      }
+
+    }
+    catch (ServerRefusedConnectionException ex) {
+      if (expectedResult == CONNREFUSED_EXCEPTION) {
+        getLogWriter().info("Got expected exception when starting client: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when starting client", ex);
+      }
+
+    }
+    catch (Exception ex) {
+      fail("Got unexpected exception when starting client", ex);
+    }
+  }
+
+  protected static void createProxyCache(final int[] userIndices, final Properties[] props) {
+    int j = 0;
+    for (int i : userIndices) {
+      proxyCaches[i] = (ProxyCache) ((PoolImpl) pool).createAuthenticatedCacheView(props[j]);
+      j++;
+    }
+  }
+
+  protected static void startLocator(final String name, int port, final Properties extraProps, final Properties javaProps, final String[] expectedExceptions) {
+    try {
+      Properties authProps = new Properties();
+
+      if (extraProps != null) {
+        authProps.putAll(extraProps);
+      }
+      authProps.setProperty(MCAST_PORT, "0");
+      authProps.setProperty(LOCATORS, getIPLiteral() + "[" + port + "]");
+      authProps.setProperty(ENABLE_CLUSTER_CONFIGURATION, "false");
+
+      clearStaticSSLContext();
+
+      setJavaProps(javaProps);
+
+      File logFile = new File(name + "-locator" + port + ".log");
+      FileOutputStream logOut = new FileOutputStream(logFile);
+      PrintStream logStream = new PrintStream(logOut);
+      addIgnoredExceptions(expectedExceptions);
+      logStream.flush();
+
+      locator = Locator.startLocatorAndDS(port, logFile, null, authProps);
+
+    }
+    catch (IOException ex) {
+      fail("While starting locator on port " + port, ex);
+    }
+  }
+
+  protected static void stopLocator(final int port, final String[] expectedExceptions) {
+    try {
+      locator.stop();
+      removeExpectedExceptions(expectedExceptions);
+
+    }
+    catch (Exception ex) {
+      fail("While stopping locator on port " + port, ex);
+    }
+  }
+
+  protected static Cache getCache() {
+    return cache;
+  }
+
+  protected static void waitForCondition(final Callable<Boolean> condition) {
+    waitForCondition(condition, 100, 120);
+  }
+
+  protected static void waitForCondition(final Callable<Boolean> condition, final int sleepMillis, final int numTries) {
+    WaitCriterion ev = new WaitCriterion() {
+      @Override
+      public boolean done() {
+        try {
+          return condition.call();
+        }
+        catch (Exception e) {
+          fail("Unexpected exception", e);
+        }
+        return false; // NOTREACHED
+      }
+
+      @Override
+      public String description() {
+        return null;
+      }
+    };
+    waitForCriterion(ev, sleepMillis * numTries, 200, true);
+  }
+
+  protected static Object getLocalValue(final Region region, final Object key) {
+    Region.Entry entry = region.getEntry(key);
+    return (entry != null ? entry.getValue() : null);
+  }
+
+  protected static void doProxyCacheClose() {
+    for (int i = 0; i < proxyCaches.length; i++) {
+      proxyCaches[i].close();
+    }
+  }
+
+  protected static void doPutAllP() throws Exception {
+    Region region = getCache().getRegion(REGION_NAME);
+    assertNotNull(region);
+
+    Map<String, Employee> map = new LinkedHashMap<>();
+    map.put("1010L", new Employee(1010L, "John", "Doe"));
+
+    region.putAll(map);
+  }
+
+  protected static void doPuts(final int num) {
+    doPutsP(num, NO_EXCEPTION, false);
+  }
+
+  protected static void doPuts(final int num, final int expectedResult) {
+    doPutsP(num, expectedResult, false);
+  }
+
+  protected static void doMultiUserPuts(final int num, final int numOfUsers, final int[] expectedResults) {
+    if (numOfUsers != expectedResults.length) {
+      fail("SecurityTestUtils.doMultiUserPuts(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
+    }
+
+    for (int i = 0; i < numOfUsers; i++) {
+      getLogWriter().info("PUT: MultiUser# " + i);
+      doPutsP(num, i, expectedResults[i], false);
+    }
+  }
+
+  protected static void doGets(final int num) {
+    doGetsP(num, NO_EXCEPTION, false);
+  }
+
+  protected static void doGets(final int num, final int expectedResult) {
+    doGetsP(num, expectedResult, false);
+  }
+
+  protected static void doMultiUserGetAll(final int numOfUsers, final int[] expectedResults) {
+    doMultiUserGetAll(numOfUsers, expectedResults, false);
+  }
+
+  protected static void doMultiUserGetAll(final int numOfUsers, final int[] expectedResults, final boolean useTX) {
+    if (numOfUsers != expectedResults.length) {
+      fail("SecurityTestUtils.doMultiUserGetAll(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
+    }
+
+    for (int i = 0; i < numOfUsers; i++) {
+      getLogWriter().info("GET_ALL" + (useTX ? " in TX" : "") + ": MultiUser# " + i);
+      doGetAllP(i, expectedResults[i], useTX);
+    }
+  }
+
+  protected static void doMultiUserGets(final int num, final int numOfUsers, final int[] expectedResults) {
+    if (numOfUsers != expectedResults.length) {
+      fail("SecurityTestUtils.doMultiUserGets(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
+    }
+
+    for (int i = 0; i < numOfUsers; i++) {
+      getLogWriter().info("GET: MultiUser# " + i);
+      doGetsP(num, i, expectedResults[i], false);
+    }
+  }
+
+  protected static void doMultiUserRegionDestroys(final int numOfUsers, final int[] expectedResults) {
+    if (numOfUsers != expectedResults.length) {
+      fail("SecurityTestUtils.doMultiUserRegionDestroys(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
+    }
+
+    for (int i = numOfUsers - 1; i >= 0; i--) {
+      getLogWriter().info("DESTROY: MultiUser# " + i);
+      doRegionDestroysP(i, expectedResults[i]);
+    }
+  }
+
+  protected static void doMultiUserDestroys(final int num, final int numOfUsers, final int[] expectedResults) {
+    if (numOfUsers != expectedResults.length) {
+      fail("SecurityTestUtils.doMultiUserDestroys(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
+    }
+
+    for (int i = 0; i < numOfUsers; i++) {
+      getLogWriter().info("DESTROY: MultiUser# " + i);
+      doDestroysP(num, i, expectedResults[i]);
+    }
+  }
+
+  protected static void doMultiUserInvalidates(final int num, final int numOfUsers, final int[] expectedResults) {
+    if (numOfUsers != expectedResults.length) {
+      fail("SecurityTestUtils.doMultiUserInvalidates(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
+    }
+
+    for (int i = 0; i < numOfUsers; i++) {
+      getLogWriter().info("INVALIDATE: MultiUser# " + i);
+      doInvalidatesP(num, i, expectedResults[i]);
+    }
+  }
+
+  protected static void doMultiUserContainsKeys(final int num, final int numOfUsers, final int[] expectedResults, final boolean[] results) {
+    if (numOfUsers != expectedResults.length) {
+      fail("SecurityTestUtils.doMultiUserContainsKeys(): numOfUsers = " + numOfUsers + ", but #expected results " + expectedResults.length);
+    }
+
+    if (numOfUsers != results.length) {
+      fail("SecurityTestUtils.doMultiUserContainsKeys(): numOfUsers = " + numOfUsers + ", but #expected output " + results.length);
+    }
+
+    for (int i = 0; i < numOfUsers; i++) {
+      getLogWriter().info("CONTAINS_KEY: MultiUser# " + i);
+      doContainsKeysP(num, i, expectedResults[i], results[i]);
+    }
+  }
+
+  protected static void doMultiUserQueries(final int numOfUsers, final int[] expectedResults, final int valueSize) {
+    if (numOfUsers != expectedResults.length) {
+      fail("SecurityTestUtils.doMultiUserQueries(): numOfUsers = " + numOfUsers + ", but #expected results " + expectedResults.length);
+    }
+
+    for (int i = 0; i < numOfUsers; i++) {
+      getLogWriter().info("QUERY: MultiUser# " + i);
+      doQueriesP(i, expectedResults[i], valueSize);
+    }
+  }
+
+  protected static void doMultiUserFE(final int numOfUsers, final Function function, final int[] expectedResults, final boolean isFailOverCase) {
+    if (numOfUsers != expectedResults.length) {
+      fail("SecurityTestUtils.doMultiUserFE(): numOfUsers = " + numOfUsers + ", but #expected results " + expectedResults.length);
+    }
+
+    for (int i = 0; i < numOfUsers; i++) {
+      getLogWriter().info("FunctionExecute:onRegion MultiUser# " + i);
+      doFunctionExecuteP(i, function, expectedResults[i], "region");
+    }
+
+    for (int i = 0; i < numOfUsers; i++) {
+      getLogWriter().info("FunctionExecute:onServer MultiUser# " + i);
+      doFunctionExecuteP(i, function, expectedResults[i], "server");
+    }
+
+    if (!isFailOverCase) {
+      for (int i = 0; i < numOfUsers; i++) {
+        getLogWriter().info("FunctionExecute:onServers MultiUser# " + i);
+        doFunctionExecuteP(i, function, expectedResults[i], "servers");
+      }
+    }
+  }
+
+  protected static void doMultiUserQueryExecute(final int numOfUsers, final int[] expectedResults, final int result) {
+    if (numOfUsers != expectedResults.length) {
+      fail("SecurityTestUtils.doMultiUserFE(): numOfUsers = " + numOfUsers + ", but #expected results " + expectedResults.length);
+    }
+
+    for (int i = 0; i < numOfUsers; i++) {
+      getLogWriter().info("QueryExecute: MultiUser# " + i);
+      doQueryExecuteP(i, expectedResults[i], result);
+    }
+  }
+
+  protected static void doLocalGets(final int num) {
+    doLocalGetsP(num, false);
+  }
+
+  protected static void doNPuts(final int num) {
+    doPutsP(num, NO_EXCEPTION, true);
+  }
+
+  protected static void doNPuts(final int num, final int expectedResult) {
+    doPutsP(num, expectedResult, true);
+  }
+
+  protected static void doNGets(final int num) {
+    doGetsP(num, NO_EXCEPTION, true);
+  }
+
+  protected static void doNGets(final int num, final int expectedResult) {
+    doGetsP(num, expectedResult, true);
+  }
+
+  protected static void doNLocalGets(final int num) {
+    doLocalGetsP(num, true);
+  }
+
+  protected static void doSimpleGet(final String expectedResult) {
+    if (regionRef != null) {
+      try {
+        regionRef.get("KEY");
+        if (expectedResult != null && expectedResult.endsWith("Exception")) {
+          fail("Expected " + expectedResult + " but found none in doSimpleGet()");
+        }
+
+      }
+      catch (Exception e) {
+        if (!e.getClass().getSimpleName().endsWith(expectedResult)) {
+          fail("Expected " + expectedResult + " but found " + e.getClass().getSimpleName() + " in doSimpleGet()");
+        }
+        else {
+          getLogWriter().fine("Got expected " + e.getClass().getSimpleName() + " in doSimpleGet()");
+        }
+      }
+    }
+  }
+
+  protected static void doSimplePut(final String expectedResult) {
+    if (regionRef != null) {
+      try {
+        regionRef.put("KEY", "VALUE");
+        if (expectedResult != null && expectedResult.endsWith("Exception")) {
+          fail("Expected " + expectedResult + " but found none in doSimplePut()");
+        }
+
+      }
+      catch (Exception e) {
+        if (!e.getClass().getSimpleName().endsWith(expectedResult)) {
+          fail("Expected " + expectedResult + " but found " + e.getClass().getSimpleName() + " in doSimplePut()", e);
+        }
+        else {
+          getLogWriter().fine("Got expected " + e.getClass().getSimpleName() + " in doSimplePut()");
+        }
+      }
+    }
+  }
+
+  /**
+   * This is a hack using reflection to clear the static objects in JSSE since
+   * otherwise changing the javax.* store related properties has no effect
+   * during the course of running dunit suite unless the VMs are restarted.
+   */
+  protected static void clearStaticSSLContext() {
+    ServerSocketFactory defaultServerFact = SSLServerSocketFactory.getDefault();
+
+    // Get the class of this and use reflection to blank out any static SSLContext objects inside
+    Map<Field, Object> contextMap = getSSLFields(defaultServerFact, new Class[] { SSLContext.class, SSLContextSpi.class });
+    makeNullSSLFields(defaultServerFact, contextMap);
+
+    for (Iterator contextObjsIter = contextMap.values().iterator(); contextObjsIter.hasNext(); ) {
+      Object contextObj = contextObjsIter.next();
+      Map<Field, Object> contextObjsMap = getSSLFields(contextObj,
+        new Class[] { TrustManager.class, KeyManager.class, TrustManager[].class, KeyManager[].class });
+      makeNullSSLFields(contextObj, contextObjsMap);
+    }
+
+    makeNullStaticField(SSLServerSocketFactory.class);
+
+    // Do the same for normal SSL socket factory
+    SocketFactory defaultFact = SSLSocketFactory.getDefault();
+    contextMap = getSSLFields(defaultFact, new Class[] { SSLContext.class, SSLContextSpi.class });
+    makeNullSSLFields(defaultFact, contextMap);
+
+    for (Iterator contextObjsIter = contextMap.values().iterator(); contextObjsIter.hasNext(); ) {
+      Object contextObj = contextObjsIter.next();
+      Map<Field, Object> contextObjsMap = getSSLFields(contextObj,
+        new Class[] { TrustManager.class, KeyManager.class, TrustManager[].class, KeyManager[].class });
+      makeNullSSLFields(contextObj, contextObjsMap);
+    }
+
+    makeNullStaticField(SSLSocketFactory.class);
+    makeNullStaticField(SSLContext.class);
+  }
+
+  protected static void closeCache() {
+    removeExpectedExceptions(ignoredExceptions);
+
+    if (cache != null && !cache.isClosed()) {
+      DistributedSystem sys = cache.getDistributedSystem();
+      cache.close();
+      sys.disconnect();
+      cache = null;
+    }
+
+    disconnectFromDS();
+  }
+
+  protected static void closeCache(final Boolean keepAlive) {
+    removeExpectedExceptions(ignoredExceptions);
+
+    if (cache != null && !cache.isClosed()) {
+      DistributedSystem sys = cache.getDistributedSystem();
+      cache.close(keepAlive);
+      sys.disconnect();
+      cache = null;
+    }
+
+    disconnectFromDS();
+  }
+
+  // ------------------------- private static methods -------------------------
+
+  private static void initClientDynamicRegionFactory(final String poolName) {
+    DynamicRegionFactory.get().open(new DynamicRegionFactory.Config(null, poolName, false, true));
+  }
+
+  private static void addJavaProperties(final Properties javaProps) {
+    if (javaProps != null) {
+      for (Iterator iter = javaProps.entrySet().iterator(); iter.hasNext(); ) {
+        Map.Entry entry = (Map.Entry) iter.next();
+        System.setProperty((String) entry.getKey(), (String) entry.getValue());
+      }
+    }
+  }
+
+  private static void removeJavaProperties(final Properties javaProps) {
+    if (javaProps != null) {
+      Properties props = System.getProperties();
+
+      for (Iterator iter = javaProps.keySet().iterator(); iter.hasNext(); ) {
+        props.remove(iter.next());
+      }
+
+      System.setProperties(props);
+    }
+  }
+
+  private static void doPutsP(final int num, final int expectedResult, final boolean newVals) {
+    doPutsP(num, 0, expectedResult, newVals);
+  }
+
+  private static void doPutsP(final int num, final int multiUserIndex, final int expectedResult, final boolean newVals) {
+    assertTrue(num <= KEYS.length);
+    Region region = null;
+
+    try {
+      if (multiUserAuthMode) {
+        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
+        regionRef = region;
+      }
+      else {
+        region = getCache().getRegion(REGION_NAME);
+      }
+      assertNotNull(region);
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing puts: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing puts", ex);
+      }
+    }
+
+    for (int index = 0; index < num; ++index) {
+      try {
+        if (newVals) {
+          region.put(KEYS[index], NVALUES[index]);
+        }
+        else {
+          region.put(KEYS[index], VALUES[index]);
+        }
+        if (expectedResult != NO_EXCEPTION) {
+          fail("Expected a NotAuthorizedException while doing puts");
+        }
+
+      }
+      catch (NoAvailableServersException ex) {
+        if (expectedResult == NO_AVAILABLE_SERVERS) {
+          getLogWriter().info("Got expected NoAvailableServers when doing puts: " + ex.getCause());
+          continue;
+        }
+        else {
+          fail("Got unexpected exception when doing puts", ex);
+        }
+
+      }
+      catch (ServerConnectivityException ex) {
+        if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
+          getLogWriter().info("Got expected NotAuthorizedException when doing puts: " + ex.getCause());
+          continue;
+        }
+
+        if ((expectedResult == AUTHREQ_EXCEPTION) && (ex.getCause() instanceof AuthenticationRequiredException)) {
+          getLogWriter().info("Got expected AuthenticationRequiredException when doing puts: " + ex.getCause());
+          continue;
+        }
+
+        if ((expectedResult == AUTHFAIL_EXCEPTION) && (ex.getCause() instanceof AuthenticationFailedException)) {
+          getLogWriter().info("Got expected AuthenticationFailedException when doing puts: " + ex.getCause());
+          continue;
+        }
+        else if (expectedResult == OTHER_EXCEPTION) {
+          getLogWriter().info("Got expected exception when doing puts: " + ex);
+        }
+        else {
+          fail("Got unexpected exception when doing puts", ex);
+        }
+
+      }
+      catch (Exception ex) {
+        if (expectedResult == OTHER_EXCEPTION) {
+          getLogWriter().info("Got expected exception when doing puts: " + ex);
+        }
+        else {
+          fail("Got unexpected exception when doing puts", ex);
+        }
+      }
+    }
+  }
+
+  private static Map<Field, Object> getSSLFields(final Object obj, final Class[] classes) {
+    Map<Field, Object> resultFields = new HashMap<>();
+    Field[] fields = obj.getClass().getDeclaredFields();
+
+    for (int index = 0; index < fields.length; ++index) {
+      Field field = fields[index];
+
+      try {
+        field.setAccessible(true);
+        Object fieldObj = field.get(obj);
+        boolean isInstance = false;
+
+        for (int classIndex = 0; classIndex < classes.length; ++classIndex) {
+          if ((isInstance = classes[classIndex].isInstance(fieldObj)) == true) {
+            break;
+          }
+        }
+
+        if (isInstance) {
+          resultFields.put(field, fieldObj);
+        }
+
+      }
+      catch (IllegalAccessException ex) {
+        getLogWriter().warning("Exception while getting SSL fields.", ex);
+      }
+    }
+    return resultFields;
+  }
+
+  private static void makeNullSSLFields(final Object obj, final Map<Field, Object> fieldMap) {
+    for (Iterator<Map.Entry<Field, Object>> fieldIter = fieldMap.entrySet().iterator(); fieldIter.hasNext(); ) {
+      Map.Entry<Field, Object> entry = fieldIter.next();
+      Field field = entry.getKey();
+      Object fieldObj = entry.getValue();
+
+      try {
+        field.setAccessible(true);
+        makeNullStaticField(fieldObj.getClass());
+        field.set(obj, null);
+        assertNull(field.get(obj));
+
+      }
+      catch (IllegalAccessException ex) {
+        getLogWriter().warning("Exception while clearing SSL fields.", ex);
+      }
+    }
+  }
+
+  /**
+   * Deal with javax SSL properties
+   */
+  private static void makeNullStaticField(final Class sslClass) {
+    Field[] fields = sslClass.getDeclaredFields();
+    for (int index = 0; index < fields.length; ++index) {
+      Field field = fields[index];
+
+      try {
+        if (Modifier.isStatic(field.getModifiers())) {
+          field.setAccessible(true);
+          if (field.getClass().equals(boolean.class)) {
+            field.setBoolean(null, false);
+            assertFalse(field.getBoolean(null));
+
+          }
+          else if (sslClass.isInstance(field.get(null))) {
+            field.set(null, null);
+            assertNull(field.get(null));
+          }
+        }
+
+      }
+      catch (IllegalAccessException ex) {
+        getLogWriter().warning("Exception while clearing static SSL field.", ex);
+      }
+      catch (ClassCastException ex) {
+        getLogWriter().warning("Exception while clearing static SSL field.", ex);
+      }
+    }
+  }
+
+  private static void doQueryExecuteP(final int multiUserIndex, final int expectedResult, final int expectedValue) {
+    Region region = null;
+    try {
+      if (multiUserAuthMode) {
+        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
+      }
+      else {
+        region = getCache().getRegion(REGION_NAME);
+      }
+      assertNotNull(region);
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when executing query: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when executing query", ex);
+      }
+    }
+
+    try {
+      String queryString = "SELECT DISTINCT * FROM " + region.getFullPath();
+      Query query = null;
+
+      if (multiUserAuthMode) {
+        query = proxyCaches[multiUserIndex].getQueryService().newQuery(queryString);
+      }
+      else {
+        region.getCache().getQueryService().newQuery(queryString);
+      }
+
+      SelectResults result = (SelectResults) query.execute();
+      if (expectedResult != NO_EXCEPTION) {
+        fail("Expected a NotAuthorizedException while executing function");
+      }
+      assertEquals(expectedValue, result.asList().size());
+
+    }
+    catch (NoAvailableServersException ex) {
+      if (expectedResult == NO_AVAILABLE_SERVERS) {
+        getLogWriter().info("Got expected NoAvailableServers when executing query: " + ex.getCause());
+      }
+      else {
+        fail("Got unexpected exception when executing query", ex);
+      }
+
+    }
+    catch (ServerConnectivityException ex) {
+      if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
+        getLogWriter().info("Got expected NotAuthorizedException when executing query: " + ex.getCause());
+      }
+      else if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when executing query: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when executing query", ex);
+      }
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when executing query: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when executing query", ex);
+      }
+    }
+  }
+
+  private static void doFunctionExecuteP(final int multiUserIndex, final Function function, int expectedResult, final String method) {
+    Region region = null;
+    try {
+      if (multiUserAuthMode) {
+        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
+      }
+      else {
+        region = getCache().getRegion(REGION_NAME);
+      }
+      assertNotNull(region);
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when executing function: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when executing function", ex);
+      }
+    }
+
+    try {
+      FunctionService.registerFunction(function);
+      Execution execution = null;
+
+      if ("region".equals(method)) {
+        execution = FunctionService.onRegion(region);
+
+      }
+      else if ("server".equals(method)) {
+        if (multiUserAuthMode) {
+          execution = FunctionService.onServer(proxyCaches[multiUserIndex]);
+        }
+        else {
+          execution = FunctionService.onServer(pool);
+        }
+
+      }
+      else { // if ("servers".equals(method)) {
+        if (multiUserAuthMode) {
+          execution = FunctionService.onServers(proxyCaches[multiUserIndex]);
+        }
+        else {
+          execution = FunctionService.onServers(pool);
+        }
+      }
+
+      execution.execute(function.getId());
+      if (expectedResult != NO_EXCEPTION) {
+        fail("Expected a NotAuthorizedException while executing function");
+      }
+
+    }
+    catch (NoAvailableServersException ex) {
+      if (expectedResult == NO_AVAILABLE_SERVERS) {
+        getLogWriter().info("Got expected NoAvailableServers when executing function: " + ex.getCause());
+      }
+      else {
+        fail("Got unexpected exception when executing function", ex);
+      }
+
+    }
+    catch (ServerConnectivityException ex) {
+      if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
+        getLogWriter().info("Got expected NotAuthorizedException when executing function: " + ex.getCause());
+      }
+      else if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when executing function: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when executing function", ex);
+      }
+
+    }
+    catch (FunctionException ex) {
+      // if NOTAUTHZ_EXCEPTION AND (cause is NotAuthorizedException OR (cause is ServerOperationException AND cause.cause is NotAuthorizedException))
+      if (expectedResult == NOTAUTHZ_EXCEPTION && (ex.getCause() instanceof NotAuthorizedException || (ex.getCause() instanceof ServerOperationException && ex
+        .getCause().getCause() instanceof NotAuthorizedException))) {
+        getLogWriter().info("Got expected NotAuthorizedException when executing function: " + ex.getCause());
+      }
+      else if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when executing function: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when executing function", ex);
+      }
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when executing function: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when executing function", ex);
+      }
+    }
+  }
+
+  private static void doQueriesP(final int multiUserIndex, final int expectedResult, final int expectedValue) {
+    Region region = null;
+    try {
+      if (multiUserAuthMode) {
+        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
+      }
+      else {
+        region = getCache().getRegion(REGION_NAME);
+      }
+      assertNotNull(region);
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing queries: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing queries", ex);
+      }
+    }
+
+    String queryStr = "SELECT DISTINCT * FROM " + region.getFullPath();
+    try {
+      SelectResults queryResults = region.query(queryStr);
+      Set resultSet = queryResults.asSet();
+      assertEquals(expectedValue, resultSet.size());
+      if (expectedResult != NO_EXCEPTION) {
+        fail("Expected a NotAuthorizedException while doing queries");
+      }
+
+    }
+    catch (NoAvailableServersException ex) {
+      if (expectedResult == NO_AVAILABLE_SERVERS) {
+        getLogWriter().info("Got expected NoAvailableServers when doing queries: " + ex.getCause());
+      }
+      else {
+        fail("Got unexpected exception when doing queries", ex);
+      }
+
+    }
+    catch (ServerConnectivityException ex) {
+      if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
+        getLogWriter().info("Got expected NotAuthorizedException when doing queries: " + ex.getCause());
+      }
+      else if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing queries: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing queries", ex);
+      }
+
+    }
+    catch (QueryInvocationTargetException qite) {
+      if ((expectedResult == NOTAUTHZ_EXCEPTION) && (qite.getCause() instanceof NotAuthorizedException)) {
+        getLogWriter().info("Got expected NotAuthorizedException when doing queries: " + qite.getCause());
+      }
+      else if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing queries: " + qite);
+      }
+      else {
+        fail("Got unexpected exception when doing queries", qite);
+      }
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing queries: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing queries", ex);
+      }
+    }
+  }
+
+  private static void doContainsKeysP(final int num, final int multiUserIndex, final int expectedResult, final boolean expectedValue) {
+    assertTrue(num <= KEYS.length);
+
+    Region region = null;
+    try {
+      if (multiUserAuthMode) {
+        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
+      }
+      else {
+        region = getCache().getRegion(REGION_NAME);
+      }
+      assertNotNull(region);
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing containsKey: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing containsKey", ex);
+      }
+    }
+
+    for (int index = 0; index < num; ++index) {
+      boolean result = false;
+
+      try {
+        result = region.containsKeyOnServer(KEYS[index]);
+        if (expectedResult != NO_EXCEPTION) {
+          fail("Expected a NotAuthorizedException while doing containsKey");
+        }
+
+      }
+      catch (NoAvailableServersException ex) {
+        if (expectedResult == NO_AVAILABLE_SERVERS) {
+          getLogWriter().info("Got expected NoAvailableServers when doing containsKey: " + ex.getCause());
+          continue;
+        }
+        else {
+          fail("Got unexpected exception when doing containsKey", ex);
+        }
+
+      }
+      catch (ServerConnectivityException ex) {
+        if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
+          getLogWriter().info("Got expected NotAuthorizedException when doing containsKey: " + ex.getCause());
+          continue;
+        }
+        else if (expectedResult == OTHER_EXCEPTION) {
+          getLogWriter().info("Got expected exception when doing containsKey: " + ex);
+        }
+        else {
+          fail("Got unexpected exception when doing containsKey", ex);
+        }
+
+      }
+      catch (Exception ex) {
+        if (expectedResult == OTHER_EXCEPTION) {
+          getLogWriter().info("Got expected exception when doing containsKey: " + ex);
+        }
+        else {
+          fail("Got unexpected exception when doing containsKey", ex);
+        }
+      }
+
+      assertEquals(expectedValue, result);
+    }
+  }
+
+  private static void doInvalidatesP(final int num, final int multiUserIndex, final int expectedResult) {
+    assertTrue(num <= KEYS.length);
+
+    Region region = null;
+    try {
+      if (multiUserAuthMode) {
+        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
+      }
+      else {
+        region = getCache().getRegion(REGION_NAME);
+      }
+      assertNotNull(region);
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing invalidates: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing invalidates", ex);
+      }
+    }
+
+    for (int index = 0; index < num; ++index) {
+      try {
+        region.invalidate(KEYS[index]);
+        if (expectedResult != NO_EXCEPTION) {
+          fail("Expected a NotAuthorizedException while doing invalidates");
+        }
+
+      }
+      catch (NoAvailableServersException ex) {
+        if (expectedResult == NO_AVAILABLE_SERVERS) {
+          getLogWriter().info("Got expected NoAvailableServers when doing invalidates: " + ex.getCause());
+          continue;
+        }
+        else {
+          fail("Got unexpected exception when doing invalidates", ex);
+        }
+
+      }
+      catch (ServerConnectivityException ex) {
+        if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
+          getLogWriter().info("Got expected NotAuthorizedException when doing invalidates: " + ex.getCause());
+          continue;
+        }
+        else if (expectedResult == OTHER_EXCEPTION) {
+          getLogWriter().info("Got expected exception when doing invalidates: " + ex);
+        }
+        else {
+          fail("Got unexpected exception when doing invalidates", ex);
+        }
+
+      }
+      catch (Exception ex) {
+        if (expectedResult == OTHER_EXCEPTION) {
+          getLogWriter().info("Got expected exception when doing invalidates: " + ex);
+        }
+        else {
+          fail("Got unexpected exception when doing invalidates", ex);
+        }
+      }
+    }
+  }
+
+  private static void doDestroysP(final int num, final int multiUserIndex, final int expectedResult) {
+    assertTrue(num <= KEYS.length);
+
+    Region region = null;
+    try {
+      if (multiUserAuthMode) {
+        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
+      }
+      else {
+        region = getCache().getRegion(REGION_NAME);
+      }
+      assertNotNull(region);
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing destroys: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing destroys", ex);
+      }
+    }
+
+    for (int index = 0; index < num; ++index) {
+      try {
+        region.destroy(KEYS[index]);
+        if (expectedResult != NO_EXCEPTION) {
+          fail("Expected a NotAuthorizedException while doing destroys");
+        }
+
+      }
+      catch (NoAvailableServersException ex) {
+        if (expectedResult == NO_AVAILABLE_SERVERS) {
+          getLogWriter().info("Got expected NoAvailableServers when doing destroys: " + ex.getCause());
+          continue;
+        }
+        else {
+          fail("Got unexpected exception when doing destroys", ex);
+        }
+
+      }
+      catch (ServerConnectivityException ex) {
+        if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
+          getLogWriter().info("Got expected NotAuthorizedException when doing destroys: " + ex.getCause());
+          continue;
+        }
+        else if (expectedResult == OTHER_EXCEPTION) {
+          getLogWriter().info("Got expected exception when doing destroys: " + ex);
+        }
+        else {
+          fail("Got unexpected exception when doing destroys", ex);
+        }
+
+      }
+      catch (Exception ex) {
+        if (expectedResult == OTHER_EXCEPTION) {
+          getLogWriter().info("Got expected exception when doing destroys: " + ex);
+        }
+        else {
+          fail("Got unexpected exception when doing destroys", ex);
+        }
+      }
+    }
+  }
+
+  private static void doRegionDestroysP(final int multiUserIndex, final int expectedResult) {
+    Region region = null;
+    try {
+      if (multiUserAuthMode) {
+        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
+      }
+      else {
+        region = getCache().getRegion(REGION_NAME);
+      }
+      assertNotNull(region);
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing region destroy: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing region destroy", ex);
+      }
+    }
+
+    try {
+      region.destroyRegion();
+      if (expectedResult != NO_EXCEPTION) {
+        fail("Expected a NotAuthorizedException while doing region destroy");
+      }
+
+      if (multiUserAuthMode) {
+        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
+      }
+      else {
+        region = getCache().getRegion(REGION_NAME);
+      }
+      assertNull(region);
+
+    }
+    catch (NoAvailableServersException ex) {
+      if (expectedResult == NO_AVAILABLE_SERVERS) {
+        getLogWriter().info("Got expected NoAvailableServers when doing region destroy: " + ex.getCause());
+      }
+      else {
+        fail("Got unexpected exception when doing region destroy", ex);
+      }
+
+    }
+    catch (ServerConnectivityException ex) {
+      if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
+        getLogWriter().info("Got expected NotAuthorizedException when doing region destroy: " + ex.getCause());
+      }
+      else if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing region destroy: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing region destroy", ex);
+      }
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing region destroy: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing region destroy", ex);
+      }
+    }
+  }
+
+  private static void doLocalGetsP(final int num, final boolean checkNVals) {
+    assertTrue(num <= KEYS.length);
+
+    String[] vals = VALUES;
+    if (checkNVals) {
+      vals = NVALUES;
+    }
+
+    final Region region = getCache().getRegion(REGION_NAME);
+    assertNotNull(region);
+
+    for (int index = 0; index < num; ++index) {
+      final String key = KEYS[index];
+      final String expectedVal = vals[index];
+      waitForCondition(() -> expectedVal.equals(getLocalValue(region, key)), 1000, 30 / num);
+    }
+
+    for (int index = 0; index < num; ++index) {
+      Region.Entry entry = region.getEntry(KEYS[index]);
+      assertNotNull(entry);
+      assertEquals(vals[index], entry.getValue());
+    }
+  }
+
+  private static void doGetAllP(final int multiUserIndex, final int expectedResult, final boolean useTX) {
+    Region region = null;
+    try {
+      if (multiUserAuthMode) {
+        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
+      }
+      else {
+        region = getCache().getRegion(REGION_NAME);
+      }
+      assertNotNull(region);
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing getAll: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing getAll", ex);
+      }
+    }
+
+    try {
+      List keys = new ArrayList();
+      keys.add("key1");
+      keys.add("key2");
+
+      if (useTX) {
+        getCache().getCacheTransactionManager().begin();
+      }
+
+      Map entries = region.getAll(keys);
+
+      // Also check getEntry()
+      region.getEntry("key1");
+
+      if (useTX) {
+        getCache().getCacheTransactionManager().commit();
+      }
+
+      assertNotNull(entries);
+
+      if ((expectedResult == NOTAUTHZ_EXCEPTION)) {
+        assertEquals(0, entries.size());
+      }
+      else if ((expectedResult == NO_EXCEPTION)) {
+        assertEquals(2, entries.size());
+        assertEquals("value1", entries.get("key1"));
+        assertEquals("value2", entries.get("key2"));
+      }
+
+    }
+    catch (NoAvailableServersException ex) {
+      if (expectedResult == NO_AVAILABLE_SERVERS) {
+        getLogWriter().info("Got expected NoAvailableServers when doing getAll: " + ex.getCause());
+      }
+      else {
+        fail("Got unexpected exception when doing getAll", ex);
+      }
+
+    }
+    catch (ServerConnectivityException ex) {
+      if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
+        getLogWriter().info("Got expected NotAuthorizedException when doing getAll: " + ex.getCause());
+      }
+      else if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing getAll: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing getAll", ex);
+      }
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing getAll: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing getAll", ex);
+      }
+    }
+  }
+
+  private static void doGetsP(final int num, final int expectedResult, final boolean newVals) {
+    doGetsP(num, 0, expectedResult, newVals);
+  }
+
+  private static void doGetsP(final int num, final int multiUserIndex, final int expectedResult, final boolean newVals) {
+    assertTrue(num <= KEYS.length);
+
+    Region region = null;
+    try {
+      if (multiUserAuthMode) {
+        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
+      }
+      else {
+        region = getCache().getRegion(REGION_NAME);
+      }
+      assertNotNull(region);
+
+    }
+    catch (Exception ex) {
+      if (expectedResult == OTHER_EXCEPTION) {
+        getLogWriter().info("Got expected exception when doing gets: " + ex);
+      }
+      else {
+        fail("Got unexpected exception when doing gets", ex);
+      }
+    }
+
+    for (int index = 0; index < num; ++index) {
+      Object value = null;
+      try {
+
+        try {
+          region.localInvalidate(KEYS[index]);
+        }
+        catch (Exception ex) {
+        }
+
+        value = region.get(KEYS[index]);
+        if (expectedResult != NO_EXCEPTION) {
+          fail("Expected a NotAuthorizedException while doing gets");
+        }
+
+      }
+      catch (NoAvailableServersException ex) {
+        if (expectedResult == NO_AVAILABLE_SERVERS) {
+          getLogWriter().info("Got expected NoAvailableServers when doing gets: " + ex.getCause());
+          continue;
+        }
+        else {
+          fail("Got unexpected exception when doing gets", ex);
+        }
+
+      }
+      catch (ServerConnectivityException ex) {
+        if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
+          getLogWriter().info("Got expected NotAuthorizedException when doing gets: " + ex.getCause());
+          continue;
+        }
+        else if (expectedResult == OTHER_EXCEPTION) {
+          getLogWriter().info("Got expected exception when doing gets: " + ex);
+        }
+        else {
+          fail("Got unexpected exception when doing gets", ex);
+        }
+
+      }
+      catch (Exception ex) {
+        if (expectedResult == OTHER_EXCEPTION) {
+          getLogWriter().info("Got expected exception when doing gets: " + ex);
+        }
+        else {
+          fail("Got unexpected exception when doing gets", ex);
+        }
+      }
+
+      assertNotNull(value);
+
+      if (newVals) {
+        assertEquals(NVALUES[index], value);
+      }
+      else {
+        assertEquals(VALUES[index], value);
+      }
+    }
+  }
+
+  // ----------------------------- member methods -----------------------------
+
+  public DistributedSystem createSystem(final Properties sysProps, final Properties javaProps) {
+    closeCache();
+    clearStaticSSLContext();
+    setJavaProps(javaProps);
+
+    DistributedSystem dsys = distributedTestCase.getSystem(sysProps);
+    assertNotNull(dsys);
+    addIgnoredExceptions(ignoredExceptions);
+    return dsys;
+  }
+
+  private void openCache() {
+    assertNotNull(distributedTestCase.basicGetSystem());
+    assertTrue(distributedTestCase.basicGetSystem().isConnected());
+    cache = CacheFactory.create(distributedTestCase.basicGetSystem());
+    assertNotNull(cache);
+  }
+
+  // ------------------------------- inner classes ----------------------------
+
+  private static class Employee implements PdxSerializable {
+
+    private Long Id;
+    private String fname;
+    private String lname;
+
+    public Employee() {
+    }
+
+    public Employee(Long id, String fn, String ln) {
+      this.Id = id;
+      this.fname = fn;
+      this.lname = ln;
+    }
+
+    /**
+     * For test purpose, to make sure
+     * the object is not deserialized
+     */
+    @Override
+    public void fromData(PdxReader in) {
+      throw new UnsupportedOperationException();
+    }
+
+    @Override
+    public void toData(PdxWriter out) {
+      out.writeLong("Id", Id);
+      out.writeString("fname", fname);
+      out.writeString("lname", lname);
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/SpySecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/SpySecurityManager.java b/geode-core/src/test/java/org/apache/geode/security/SpySecurityManager.java
new file mode 100644
index 0000000..91d25f0
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/SpySecurityManager.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.util.Properties;
+
+import org.apache.geode.security.SecurityManager;
+
+public class SpySecurityManager implements SecurityManager {
+
+  public int initInvoked = 0;
+  public int closeInvoked = 0;
+
+  @Override
+  public void init(final Properties securityProps) {
+    initInvoked++;
+  }
+
+  @Override
+  public Object authenticate(final Properties props) throws AuthenticationFailedException {
+    return null;
+  }
+
+  @Override
+  public void close() {
+    closeInvoked++;
+  }
+}
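Review bot: The `package com.gemstone.gemfire.security;` declaration does not match the file's new location under `org/apache/geode/security/`, and the class already imports `org.apache.geode.security.SecurityManager`, so the rename looks half-applied here; it should read `package org.apache.geode.security;`. With the old package, the unqualified `AuthenticationFailedException` in the `authenticate` throws clause resolves against `com.gemstone.gemfire.security`, which may be a different type from the one the interface declares (the interface is not visible in this diff). Separately, `authenticate` returns `null` for every input and the counters are public mutable fields, so a one-line class comment such as `/** Test spy: counts init/close calls; authenticate always returns null. */` would make it clear this is not a working SecurityManager.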


[09/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/CredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/CredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/CredentialGenerator.java
deleted file mode 100755
index 90584cd..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/CredentialGenerator.java
+++ /dev/null
@@ -1,333 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-import org.apache.logging.log4j.Logger;
-
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.security.AuthInitialize;
-import com.gemstone.gemfire.security.Authenticator;
-import com.gemstone.gemfire.security.templates.DummyAuthenticator;
-import com.gemstone.gemfire.security.templates.LdapUserAuthenticator;
-import com.gemstone.gemfire.security.templates.PKCSAuthenticator;
-
-/**
- * Encapsulates obtaining valid and invalid credentials. Implementations will be
- * for different kinds of authentication schemes.
- * 
- * @since GemFire 5.5
- */
-public abstract class CredentialGenerator {
-
-  private static final Logger logger = LogService.getLogger();
-
-  /**
-   * A set of properties that should be added to the Gemfire system properties
-   * before using the authentication module.
-   */
-  private Properties systemProperties = null;
-
-  /**
-   * A set of properties that should be added to the java system properties
-   * before using the authentication module.
-   */
-  protected Properties javaProperties = null;
-
-  /**
-   * A factory method to create a new instance of an {@link CredentialGenerator}
-   * for the given {@link ClassCode}. Caller is supposed to invoke
-   * {@link CredentialGenerator#init} immediately after obtaining the instance.
-   * 
-   * @param  classCode
-   *         the {@code ClassCode} of the {@code CredentialGenerator}
-   *         implementation
-   * 
-   * @return an instance of {@code CredentialGenerator} for the given class
-   *         code
-   */
-  public static CredentialGenerator create(final ClassCode classCode) {
-    switch (classCode.classType) {
-      // Removing dummy one to reduce test run times
-      // case ClassCode.ID_DUMMY:
-      // return new DummyCredentialGenerator();
-      case ClassCode.ID_LDAP:
-        return new LdapUserCredentialGenerator();
-        // case ClassCode.ID_SSL:�
-        // return new SSLCredentialGenerator();
-      case ClassCode.ID_PKCS:
-        return new PKCSCredentialGenerator();
-      default:
-        return null;
-    }
-  }
-
-  /**
-   * Initialize the credential generator.
-   *
-   * @throws IllegalArgumentException when there is a problem during
-   *         initialization
-   */
-  public void init() throws IllegalArgumentException {
-    this.systemProperties = initialize();
-    logger.info("Generating CredentialGenerator with {}", this.systemProperties);
-  }
-
-  /**
-   * @return A set of extra properties that should be added to Gemfire system
-   *         properties when not null.
-   */
-  public Properties getSystemProperties() {
-    return this.systemProperties;
-  }
-
-  /**
-   * @return A set of extra properties that should be added to Gemfire system
-   *         properties when not null.
-   */
-  public Properties getJavaProperties() {
-    return this.javaProperties;
-  }
-
-  /**
-   * The {@link ClassCode} of this particular implementation.
-   * 
-   * @return the {@code ClassCode}
-   */
-  public abstract ClassCode classCode();
-
-  /**
-   * The name of the {@link AuthInitialize} factory function that should be used
-   * in conjunction with the credentials generated by this generator.
-   * 
-   * @return name of the {@code AuthInitialize} factory function
-   */
-  public abstract String getAuthInit();
-
-  /**
-   * The name of the {@link Authenticator} factory function that should be used
-   * in conjunction with the credentials generated by this generator.
-   * 
-   * @return name of the {@code Authenticator} factory function
-   */
-  public abstract String getAuthenticator();
-
-  /**
-   * Get a set of valid credentials generated using the given index.
-   */
-  public abstract Properties getValidCredentials(final int index);
-
-  /**
-   * Get a set of valid credentials for the given {@link Principal}.
-   * 
-   * @return credentials for the given {@code Principal} or null if none
-   *         possible.
-   */
-  public abstract Properties getValidCredentials(final Principal principal);
-
-  /**
-   * Get a set of invalid credentials generated using the given index.
-   */
-  public abstract Properties getInvalidCredentials(final int index);
-
-  /**
-   * Initialize the credential generator. This is provided separately from the
-   * {@link #init()} method for convenience of implementations so that they do not
-   * need to store in {@link #systemProperties}. The latter is convenient for the users
-   * who do not need to store these properties rather can obtain it later by
-   * invoking {@link #getSystemProperties()}
-   *
-   * <p>Required to be implemented by concrete classes that implement this abstract
-   * class.
-   *
-   * @return A set of extra properties that should be added to Gemfire system
-   *         properties when not null.
-   *
-   * @throws IllegalArgumentException when there is a problem during
-   *         initialization
-   */
-  protected abstract Properties initialize() throws IllegalArgumentException;
-
-  /**
-   * Enumeration for various {@link CredentialGenerator} implementations.
-   *
-   * <p>The following schemes are supported as of now:
-   * {@code DummyAuthenticator}, {@code LdapUserAuthenticator},
-   * {@code PKCSAuthenticator}. In addition SSL socket mode with mutual
-   * authentication is also supported.
-   *
-   * <p>To add a new authentication scheme the following needs to be done:
-   * <ul>
-   * <li>Add implementations for {@link AuthInitialize} and
-   * {@link Authenticator} classes for clients/peers.</li>
-   * <li>Add a new enumeration value for the scheme in this class. Notice the
-   * size of {@code VALUES} array and increase that if it is getting
-   * overflowed. Note the methods and fields for existing schemes and add for
-   * the new one in a similar manner.</li>
-   * <li>Add an implementation for {@link CredentialGenerator}.</li>
-   * <li>Modify the CredentialGenerator.Factory#create [no such Factory exists] method to add
-   * creation of an instance of the new implementation for the
-   * {@code ClassCode} enumeration value.</li>
-   * </ul>
-   *
-   * <p>All security dunit tests will automagically start testing the new
-   * implementation after this.
-   *
-   * @since GemFire 5.5
-   */
-  public static final class ClassCode {
-
-    private static byte nextOrdinal = 0;
-
-    private static final byte ID_DUMMY = 1;
-    private static final byte ID_LDAP = 2;
-    private static final byte ID_PKCS = 3;
-    private static final byte ID_SSL = 4;
-
-    private static final ClassCode[] VALUES = new ClassCode[10];
-    private static final Map CODE_NAME_MAP = new HashMap();
-
-    public static final ClassCode DUMMY = new ClassCode(DummyAuthenticator.class.getName() + ".create", ID_DUMMY);
-    public static final ClassCode LDAP = new ClassCode(LdapUserAuthenticator.class.getName() + ".create", ID_LDAP);
-    public static final ClassCode PKCS = new ClassCode(PKCSAuthenticator.class.getName() + ".create", ID_PKCS);
-    public static final ClassCode SSL = new ClassCode("SSL", ID_SSL);
-
-    /** The name of this class. */
-    private final String name;
-
-    /** byte used as ordinal to represent this class */
-    private final byte ordinal;
-
-    /**
-     * One of the following: ID_DUMMY, ID_LDAP, ID_PKCS
-     */
-    private final byte classType;
-
-    /** Creates a new instance of class code. */
-    private ClassCode(final String name, final byte classType) {
-      this.name = name;
-      this.classType = classType;
-      this.ordinal = nextOrdinal++;
-      VALUES[this.ordinal] = this;
-      CODE_NAME_MAP.put(name, this);
-    }
-
-    public boolean isDummy() {
-      return this.classType == ID_DUMMY;
-    }
-
-    public boolean isLDAP() {
-      return this.classType == ID_LDAP;
-    }
-
-    public boolean isPKCS() {
-      return this.classType == ID_PKCS;
-    }
-
-    public boolean isSSL() {
-      return this.classType == ID_SSL;
-    }
-
-    /**
-     * Returns the {@code ClassCode} represented by specified ordinal.
-     */
-    public static ClassCode fromOrdinal(final byte ordinal) {
-      return VALUES[ordinal];
-    }
-
-    /**
-     * Returns the {@code ClassCode} represented by specified string.
-     */
-    public static ClassCode parse(final String operationName) {
-      return (ClassCode) CODE_NAME_MAP.get(operationName);
-    }
-
-    /**
-     * Returns all the possible values.
-     */
-    public static List getAll() {
-      final List codes = new ArrayList();
-      for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) {
-        codes.add(iter.next());
-      }
-      return codes;
-    }
-
-    /**
-     * Returns the ordinal for this operation code.
-     *
-     * @return the ordinal of this operation.
-     */
-    public byte toOrdinal() {
-      return this.ordinal;
-    }
-
-    /**
-     * Returns a string representation for this operation.
-     *
-     * @return the name of this operation.
-     */
-    @Override
-    public final String toString() {
-      return this.name;
-    }
-
-    /**
-     * Indicates whether other object is same as this one.
-     *
-     * @return true if other object is same as this one.
-     */
-    @Override
-    public final boolean equals(final Object obj) {
-      if (obj == this) {
-        return true;
-      }
-      if (!(obj instanceof ClassCode)) {
-        return false;
-      }
-      final ClassCode other = (ClassCode)obj;
-      return other.ordinal == this.ordinal;
-    }
-
-    /**
-     * Indicates whether other {@code ClassCode} is same as this one.
-     *
-     * @return true if other {@code ClassCode} is same as this one.
-     */
-    public final boolean equals(final ClassCode opCode) {
-      return opCode != null && opCode.ordinal == this.ordinal;
-    }
-
-    /**
-     * Returns a hash code value for this {@code ClassCode} which is the
-     * same as its ordinal.
-     *
-     * @return the ordinal of this operation.
-     */
-    @Override
-    public final int hashCode() {
-      return this.ordinal;
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyAuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyAuthzCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyAuthzCredentialGenerator.java
deleted file mode 100755
index 64fb84a..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyAuthzCredentialGenerator.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Properties;
-import java.util.Set;
-
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.security.templates.DummyAuthorization;
-import com.gemstone.gemfire.security.templates.UsernamePrincipal;
-
-public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator {
-
-  public static final byte READER_ROLE = 1;
-  public static final byte WRITER_ROLE = 2;
-  public static final byte ADMIN_ROLE = 3;
-
-  private static Set readerOpsSet;
-  private static Set writerOpsSet;
-
-  static {
-    readerOpsSet = new HashSet();
-    for (int index = 0; index < DummyAuthorization.READER_OPS.length; index++) {
-      readerOpsSet.add(DummyAuthorization.READER_OPS[index]);
-    }
-
-    writerOpsSet = new HashSet();
-    for (int index = 0; index < DummyAuthorization.WRITER_OPS.length; index++) {
-      writerOpsSet.add(DummyAuthorization.WRITER_OPS[index]);
-    }
-  }
-
-  public static byte getRequiredRole(final OperationCode[] opCodes) {
-    byte roleType = ADMIN_ROLE;
-    boolean requiresReader = true;
-    boolean requiresWriter = true;
-
-    for (int opNum = 0; opNum < opCodes.length; opNum++) {
-      if (requiresReader && !readerOpsSet.contains(opCodes[opNum])) {
-        requiresReader = false;
-      }
-      if (requiresWriter && !writerOpsSet.contains(opCodes[opNum])) {
-        requiresWriter = false;
-      }
-    }
-    if (requiresReader) {
-      roleType = READER_ROLE;
-    }
-    else if (requiresWriter) {
-      roleType = WRITER_ROLE;
-    }
-    return roleType;
-  }
-
-  @Override
-  protected Properties init() throws IllegalArgumentException {
-    if (!this.generator.classCode().isDummy()) {
-      throw new IllegalArgumentException("DummyAuthorization module only works with DummyAuthenticator");
-    }
-    return null;
-  }
-
-  @Override
-  public ClassCode classCode() {
-    return ClassCode.DUMMY;
-  }
-
-  @Override
-  public String getAuthorizationCallback() {
-    return DummyAuthorization.class.getName() + ".create";
-  }
-
-  @Override
-  protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
-    final byte roleType = getRequiredRole(opCodes);
-    return getPrincipal(roleType, index);
-  }
-
-  @Override
-  protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
-    byte roleType = getRequiredRole(opCodes);
-    byte disallowedRoleType;
-    switch (roleType) {
-      case READER_ROLE:
-        disallowedRoleType = WRITER_ROLE;
-        break;
-      case WRITER_ROLE:
-        disallowedRoleType = READER_ROLE;
-        break;
-      default:
-        disallowedRoleType = READER_ROLE;
-        break;
-    }
-    return getPrincipal(disallowedRoleType, index);
-  }
-
-  @Override
-  protected int getNumPrincipalTries(final OperationCode[] opCodes,  final String[] regionNames) {
-    return 5;
-  }
-
-  private Principal getPrincipal(final byte roleType, final int index) {
-    String[] admins = new String[] { "root", "admin", "administrator" };
-    switch (roleType) {
-      case READER_ROLE:
-        return new UsernamePrincipal("reader" + index);
-      case WRITER_ROLE:
-        return new UsernamePrincipal("writer" + index);
-      default:
-        return new UsernamePrincipal(admins[index % admins.length]);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyCredentialGenerator.java
deleted file mode 100755
index 77ffbd9..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyCredentialGenerator.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import java.security.Principal;
-import java.util.Properties;
-
-import com.gemstone.gemfire.security.templates.DummyAuthenticator;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-
-public class DummyCredentialGenerator extends CredentialGenerator {
-
-  @Override
-  protected Properties initialize() throws IllegalArgumentException {
-    return null;
-  }
-
-  @Override
-  public ClassCode classCode() {
-    return ClassCode.DUMMY;
-  }
-
-  @Override
-  public String getAuthInit() {
-    return UserPasswordAuthInit.class.getName() + ".create";
-  }
-
-  @Override
-  public String getAuthenticator() {
-    return DummyAuthenticator.class.getName() + ".create";
-  }
-
-  @Override
-  public Properties getValidCredentials(final int index) {
-    final String[] validGroups = new String[] { "admin", "user", "reader", "writer" };
-    final String[] admins = new String[] { "root", "admin", "administrator" };
-
-    final Properties props = new Properties();
-    final int groupNum = index % validGroups.length;
-
-    String userName;
-    if (groupNum == 0) {
-      userName = admins[index % admins.length];
-    } else {
-      userName = validGroups[groupNum] + (index / validGroups.length);
-    }
-
-    props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
-    props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
-    return props;
-  }
-
-  @Override
-  public Properties getValidCredentials(final Principal principal) {
-    final String userName = principal.getName();
-
-    if (DummyAuthenticator.checkValidName(userName)) {
-      Properties props = new Properties();
-      props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
-      props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
-      return props;
-
-    } else {
-      throw new IllegalArgumentException("Dummy: [" + userName + "] is not a valid user");
-    }
-  }
-
-  @Override
-  public Properties getInvalidCredentials(int index) {
-    Properties props = new Properties();
-    props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
-    props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
-    return props;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/LdapUserCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/LdapUserCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/LdapUserCredentialGenerator.java
deleted file mode 100755
index 7cde86d..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/LdapUserCredentialGenerator.java
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.internal.cache.tier.sockets.HandShake;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.security.templates.LdapUserAuthenticator;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-import com.gemstone.gemfire.test.dunit.Assert;
-import com.gemstone.gemfire.util.test.TestUtil;
-import org.apache.logging.log4j.Logger;
-
-import java.security.Principal;
-import java.util.Properties;
-import java.util.Random;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
-public class LdapUserCredentialGenerator extends CredentialGenerator {
-
-  private static final Logger logger = LogService.getLogger();
-
-  private static final String USER_PREFIX = "gemfire";
-  private static final Random RANDOM = new Random();
-  private static final String[] CIPHERS = new String[] { "", "DESede", "AES:128", "Blowfish:128" };
-
-  private static boolean enableServerAuthentication = false;
-
-  private boolean serverAuthEnabled = false;
-
-  public LdapUserCredentialGenerator() {
-    // Toggle server authentication enabled for each test
-    // This is done instead of running all the tests with both
-    // server auth enabled/disabled to reduce test run time.
-    enableServerAuthentication = !enableServerAuthentication;
-    this.serverAuthEnabled = enableServerAuthentication;
-  }
-
-  @Override
-  protected Properties initialize() throws IllegalArgumentException {
-    final String ldapServer = System.getProperty("gf.ldap.server", "ldap");
-    final String ldapBaseDN = System.getProperty("gf.ldap.basedn", "ou=ldapTesting,dc=pune,dc=gemstone,dc=com");
-    final String ldapUseSSL = System.getProperty("gf.ldap.usessl");
-
-    final Properties extraProps = new Properties();
-    extraProps.setProperty(LdapUserAuthenticator.LDAP_SERVER_NAME, ldapServer);
-    extraProps.setProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME, ldapBaseDN);
-
-    if (ldapUseSSL != null && ldapUseSSL.length() > 0) {
-      extraProps.setProperty(LdapUserAuthenticator.LDAP_SSL_NAME, ldapUseSSL);
-    }
-
-    if (serverAuthEnabled) {
-      String keyStoreFile = TestUtil.getResourcePath(LdapUserCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/gemfire1.keystore");
-      extraProps.setProperty(HandShake.PRIVATE_KEY_FILE_PROP, keyStoreFile);
-      extraProps.setProperty(HandShake.PRIVATE_KEY_ALIAS_PROP, DistributionConfig.GEMFIRE_PREFIX);
-      extraProps.setProperty(HandShake.PRIVATE_KEY_PASSWD_PROP, "gemfire");
-    }
-
-    Assert.assertNotNull(extraProps.getProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME));
-
-    logger.info("Generating LdapUserCredentialGenerator with {}", extraProps);
-
-    return extraProps;
-  }
-
-  @Override
-  public ClassCode classCode() {
-    return ClassCode.LDAP;
-  }
-
-  @Override
-  public String getAuthInit() {
-    return UserPasswordAuthInit.class.getName() + ".create";
-  }
-
-  @Override
-  public String getAuthenticator() {
-    return LdapUserAuthenticator.class.getName() + ".create";
-  }
-
-  @Override
-  public Properties getValidCredentials(final int index) {
-    final Properties props = new Properties();
-    props.setProperty(UserPasswordAuthInit.USER_NAME, USER_PREFIX + ((index % 10) + 1));
-    props.setProperty(UserPasswordAuthInit.PASSWORD, USER_PREFIX + ((index % 10) + 1));
-    props.setProperty(SECURITY_CLIENT_DHALGO, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
-
-    if (serverAuthEnabled) {
-      final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
-      props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
-      props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
-    }
-
-    return props;
-  }
-
-  @Override
-  public Properties getValidCredentials(final Principal principal) {
-    Properties props = null;
-    final String userName = principal.getName();
-
-    if (userName != null && userName.startsWith(USER_PREFIX)) {
-      boolean isValid;
-
-      try {
-        final int suffix = Integer.parseInt(userName.substring(USER_PREFIX.length()));
-        isValid = (suffix >= 1 && suffix <= 10);
-      } catch (Exception ex) {
-        isValid = false;
-      }
-
-      if (isValid) {
-        props = new Properties();
-        props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
-        props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
-      }
-    }
-
-    if (props == null) {
-      throw new IllegalArgumentException("LDAP: [" + userName + "] not a valid user");
-    }
-
-    props.setProperty(SECURITY_CLIENT_DHALGO, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
-
-    if (serverAuthEnabled) {
-      final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
-      props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
-      props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
-    }
-
-    return props;
-  }
-
-  @Override
-  public Properties getInvalidCredentials(final int index) {
-    final Properties props = new Properties();
-    props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
-    props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
-    props.setProperty(SECURITY_CLIENT_DHALGO, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
-
-    if (serverAuthEnabled) {
-      final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
-      props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
-      props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
-    }
-
-    return props;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/PKCSCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/PKCSCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/PKCSCredentialGenerator.java
deleted file mode 100755
index 09381b8..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/PKCSCredentialGenerator.java
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import java.security.Principal;
-import java.security.Provider;
-import java.security.Security;
-import java.util.Properties;
-
-import com.gemstone.gemfire.security.templates.PKCSAuthInit;
-import com.gemstone.gemfire.security.templates.PKCSAuthenticator;
-import com.gemstone.gemfire.util.test.TestUtil;
-
-public class PKCSCredentialGenerator extends CredentialGenerator {
-
-  public static String keyStoreDir = getKeyStoreDir();
-  public static boolean usesIBMJSSE;
-
-  // Checks if the current JVM uses only IBM JSSE providers.
-  private static boolean usesIBMProviders() {
-    final Provider[] providers = Security.getProviders();
-    for (int index = 0; index < providers.length; ++index) {
-      if (!providers[index].getName().toLowerCase().startsWith("ibm")) {
-        return false;
-      }
-    }
-    return true;
-  }
-
-  private static String getKeyStoreDir() {
-    usesIBMJSSE = usesIBMProviders();
-    if (usesIBMJSSE) {
-      return "/com/gemstone/gemfire/security/generator/keys/ibm";
-    } else {
-      return "/com/gemstone/gemfire/security/generator/keys";
-    }
-  }
-
-  @Override
-  protected Properties initialize() throws IllegalArgumentException {
-    final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/publickeyfile");
-
-    final Properties props = new Properties();
-    props.setProperty(PKCSAuthenticator.PUBLIC_KEY_FILE, keyStoreFile);
-    props.setProperty(PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD, "gemfire");
-
-    return props;
-  }
-
-  @Override
-  public ClassCode classCode() {
-    return ClassCode.PKCS;
-  }
-
-  @Override
-  public String getAuthInit() {
-    return PKCSAuthInit.class.getName() + ".create";
-  }
-
-  @Override
-  public String getAuthenticator() {
-    return PKCSAuthenticator.class.getName() + ".create";
-  }
-
-  @Override
-  public Properties getInvalidCredentials(int index) {
-    final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire11.keystore");
-
-    final Properties props = new Properties();
-    props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
-    props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire11");
-    props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
-
-    return props;
-  }
-
-  @Override
-  public Properties getValidCredentials(int index) {
-    final int aliasnum = (index % 10) + 1;
-    final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire" + aliasnum + ".keystore");
-
-    final Properties props = new Properties();
-    props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
-    props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire" + aliasnum);
-    props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
-
-    return props;
-  }
-
-  @Override
-  public Properties getValidCredentials(Principal principal) {
-    final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + principal.getName() + ".keystore");
-
-    final Properties props = new Properties();
-    props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
-    props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, principal.getName());
-    props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
-
-    return props;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/SSLCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/SSLCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/SSLCredentialGenerator.java
deleted file mode 100755
index 6b6e3de..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/SSLCredentialGenerator.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-import org.apache.logging.log4j.Logger;
-
-import java.io.File;
-import java.io.IOException;
-import java.security.Principal;
-import java.util.Properties;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
-public class SSLCredentialGenerator extends CredentialGenerator {
-
-  private static final Logger logger = LogService.getLogger();
-
-  @Override
-  protected Properties initialize() throws IllegalArgumentException {
-    this.javaProperties = getValidJavaSSLProperties();
-    return getSSLProperties();
-  }
-
-  @Override
-  public ClassCode classCode() {
-    return ClassCode.SSL;
-  }
-
-  @Override
-  public String getAuthInit() {
-    return null;
-  }
-
-  @Override
-  public String getAuthenticator() {
-    return null;
-  }
-
-  @Override
-  public Properties getValidCredentials(int index) {
-    this.javaProperties = getValidJavaSSLProperties();
-    return getSSLProperties();
-  }
-
-  @Override
-  public Properties getValidCredentials(final Principal principal) {
-    this.javaProperties = getValidJavaSSLProperties();
-    return getSSLProperties();
-  }
-
-  @Override
-  public Properties getInvalidCredentials(final int index) {
-    this.javaProperties = getInvalidJavaSSLProperties();
-    return getSSLProperties();
-  }
-
-  private File findTrustedJKS() {
-    final File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
-    return new File(ssldir, "trusted.keystore");
-  }
-
-  private File findUntrustedJKS() {
-    final File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
-    return new File(ssldir, "untrusted.keystore");
-  }
-
-  private Properties getValidJavaSSLProperties() {
-    final File jks = findTrustedJKS();
-
-    try {
-      final Properties props = new Properties();
-      props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
-      props.setProperty("javax.net.ssl.trustStorePassword", "password");
-      props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
-      props.setProperty("javax.net.ssl.keyStorePassword", "password");
-      return props;
-
-    } catch (IOException ex) {
-      throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex);
-    }
-  }
-
-  private Properties getInvalidJavaSSLProperties() {
-    final File jks = findUntrustedJKS();
-
-    try {
-      final Properties props = new Properties();
-      props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
-      props.setProperty("javax.net.ssl.trustStorePassword", "password");
-      props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
-      props.setProperty("javax.net.ssl.keyStorePassword", "password");
-      return props;
-
-    } catch (IOException ex) {
-      throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex);
-    }
-  }
-
-  private Properties getSSLProperties() {
-    Properties props = new Properties();
-    props.setProperty(CLUSTER_SSL_CIPHERS, "true");
-    props.setProperty(CLUSTER_SSL_REQUIRE_AUTHENTICATION, "true");
-    props.setProperty(CLUSTER_SSL_CIPHERS, "SSL_RSA_WITH_3DES_EDE_CBC_SHA");
-    props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1");
-    return props;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/UserPasswordWithExtraPropsAuthInit.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/UserPasswordWithExtraPropsAuthInit.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/UserPasswordWithExtraPropsAuthInit.java
deleted file mode 100755
index 1240533..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/UserPasswordWithExtraPropsAuthInit.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.security.AuthInitialize;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-
-import java.util.Iterator;
-import java.util.Properties;
-
-/**
- * An {@link AuthInitialize} implementation that obtains the user name and
- * password as the credentials from the given set of properties. If 
- * keep-extra-props property exits, it will copy rest of the
- * properties provided in getCredential props argument will also be 
- * copied as new credentials.
- * 
- * @since GemFire 5.5
- */
-public class UserPasswordWithExtraPropsAuthInit extends UserPasswordAuthInit {
-
-  public static final String SECURITY_PREFIX = DistributionConfig.SECURITY_PREFIX_NAME;
-  public static final String EXTRA_PROPS = "security-keep-extra-props";
-
-  public static AuthInitialize create() {
-    return new UserPasswordWithExtraPropsAuthInit();
-  }
-
-  public UserPasswordWithExtraPropsAuthInit() {
-    super();
-  }
-
-  @Override
-  public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
-    final Properties securityPropertiesCopy = super.getCredentials(securityProperties, server, isPeer);
-    final String extraProps = securityProperties.getProperty(EXTRA_PROPS);
-
-    if (extraProps != null) {
-    	for (Iterator it = securityProperties.keySet().iterator(); it.hasNext();) {
-    		final String key = (String) it.next();
-    		if (key.startsWith(SECURITY_PREFIX) &&
-    		    key.equalsIgnoreCase(USER_NAME) == false &&
-    		    key.equalsIgnoreCase(PASSWORD) == false &&
-    		    key.equalsIgnoreCase(EXTRA_PROPS) == false) {
-    			securityPropertiesCopy.setProperty(key, securityProperties.getProperty(key));
-    		}
-    	}
-    	this.securityLogWriter.fine("got everything and now have: " + securityPropertiesCopy.keySet().toString());
-    }
-
-    return securityPropertiesCopy;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/XmlAuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/XmlAuthzCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/XmlAuthzCredentialGenerator.java
deleted file mode 100755
index 7dcf5ae..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/XmlAuthzCredentialGenerator.java
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Properties;
-import java.util.Set;
-
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.security.templates.UsernamePrincipal;
-import com.gemstone.gemfire.security.templates.XmlAuthorization;
-import com.gemstone.gemfire.util.test.TestUtil;
-
-public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator {
-
-  private static final String dummyXml = "authz-dummy.xml";
-  private static final String ldapXml = "authz-ldap.xml";
-  private static final String pkcsXml = "authz-pkcs.xml";
-  private static final String sslXml = "authz-ssl.xml";
-
-  private static final String[] QUERY_REGIONS = { "/Portfolios", "/Positions", "/AuthRegion" };
-
-  public static OperationCode[] READER_OPS = {
-      OperationCode.GET,
-      OperationCode.REGISTER_INTEREST,
-      OperationCode.UNREGISTER_INTEREST,
-      OperationCode.KEY_SET,
-      OperationCode.CONTAINS_KEY,
-      OperationCode.EXECUTE_FUNCTION };
-
-  public static OperationCode[] WRITER_OPS = {
-      OperationCode.PUT,
-      OperationCode.DESTROY,
-      OperationCode.INVALIDATE,
-      OperationCode.REGION_CLEAR };
-
-  public static OperationCode[] QUERY_OPS = {
-      OperationCode.QUERY,
-      OperationCode.EXECUTE_CQ,
-      OperationCode.STOP_CQ,
-      OperationCode.CLOSE_CQ };
-
-  private static final byte READER_ROLE = 1;
-  private static final byte WRITER_ROLE = 2;
-  private static final byte QUERY_ROLE = 3;
-  private static final byte ADMIN_ROLE = 4;
-
-  private static Set readerOpsSet;
-  private static Set writerOpsSet;
-  private static Set queryOpsSet;
-  private static Set queryRegionSet;
-
-  static {
-    readerOpsSet = new HashSet();
-    for (int index = 0; index < READER_OPS.length; index++) {
-      readerOpsSet.add(READER_OPS[index]);
-    }
-
-    writerOpsSet = new HashSet();
-    for (int index = 0; index < WRITER_OPS.length; index++) {
-      writerOpsSet.add(WRITER_OPS[index]);
-    }
-
-    queryOpsSet = new HashSet();
-    for (int index = 0; index < QUERY_OPS.length; index++) {
-      queryOpsSet.add(QUERY_OPS[index]);
-    }
-
-    queryRegionSet = new HashSet();
-    for (int index = 0; index < QUERY_REGIONS.length; index++) {
-      queryRegionSet.add(QUERY_REGIONS[index]);
-    }
-  }
-
-  @Override
-  protected Properties init() throws IllegalArgumentException {
-    final Properties sysProps = new Properties();
-    final String dirName = "/com/gemstone/gemfire/security/generator/";
-
-    if (this.generator.classCode().isDummy()) {
-      final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + dummyXml);
-      sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename);
-
-    } else if (this.generator.classCode().isLDAP()) {
-      final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + ldapXml);
-      sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename);
-
-      // } else if (this.generator.classCode().isPKCS()) {
-      //   sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + pkcsXml);
-      // }
-      // } else if (this.generator.classCode().isSSL()) {
-      //   sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + sslXml);
-      // }
-
-    } else {
-      throw new IllegalArgumentException("No XML defined for XmlAuthorization module to work with " + this.generator.getAuthenticator());
-    }
-    return sysProps;
-  }
-
-  @Override
-  public ClassCode classCode() {
-    return ClassCode.XML;
-  }
-
-  @Override
-  public String getAuthorizationCallback() {
-    return XmlAuthorization.class.getName() + ".create";
-  }
-
-  private Principal getDummyPrincipal(final byte roleType, final int index) {
-    final String[] admins = new String[] { "root", "admin", "administrator" };
-    final int numReaders = 3;
-    final int numWriters = 3;
-
-    switch (roleType) {
-      case READER_ROLE:
-        return new UsernamePrincipal("reader" + (index % numReaders));
-      case WRITER_ROLE:
-        return new UsernamePrincipal("writer" + (index % numWriters));
-      case QUERY_ROLE:
-        return new UsernamePrincipal("reader" + ((index % 2) + 3));
-      default:
-        return new UsernamePrincipal(admins[index % admins.length]);
-    }
-  }
-
-  @Override
-  protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
-    if (this.generator.classCode().isDummy()) {
-      final byte roleType = getRequiredRole(opCodes, regionNames);
-      return getDummyPrincipal(roleType, index);
-
-    } else if (this.generator.classCode().isLDAP()) {
-      final byte roleType = getRequiredRole(opCodes, regionNames);
-      return getLdapPrincipal(roleType, index);
-    }
-
-    return null;
-  }
-
-  @Override
-  protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
-    final byte roleType = getRequiredRole(opCodes, regionNames);
-
-    byte disallowedRoleType = READER_ROLE;
-    switch (roleType) {
-      case READER_ROLE:
-        disallowedRoleType = WRITER_ROLE;
-        break;
-      case WRITER_ROLE:
-        disallowedRoleType = READER_ROLE;
-        break;
-      case QUERY_ROLE:
-        disallowedRoleType = READER_ROLE;
-        break;
-      case ADMIN_ROLE:
-        disallowedRoleType = READER_ROLE;
-        break;
-    }
-
-    if (this.generator.classCode().isDummy()) {
-      return getDummyPrincipal(disallowedRoleType, index);
-
-    } else if (this.generator.classCode().isLDAP()) {
-      return getLdapPrincipal(disallowedRoleType, index);
-    }
-
-    return null;
-  }
-
-  @Override
-  protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) {
-    return 5;
-  }
-
-  private Principal getLdapPrincipal(final byte roleType, final int index) {
-    final String userPrefix = "gemfire";
-    final int[] readerIndices = { 3, 4, 5 };
-    final int[] writerIndices = { 6, 7, 8 };
-    final int[] queryIndices = { 9, 10 };
-    final int[] adminIndices = { 1, 2 };
-
-    switch (roleType) {
-      case READER_ROLE:
-        int readerIndex = readerIndices[index % readerIndices.length];
-        return new UsernamePrincipal(userPrefix + readerIndex);
-      case WRITER_ROLE:
-        int writerIndex = writerIndices[index % writerIndices.length];
-        return new UsernamePrincipal(userPrefix + writerIndex);
-      case QUERY_ROLE:
-        int queryIndex = queryIndices[index % queryIndices.length];
-        return new UsernamePrincipal(userPrefix + queryIndex);
-      default:
-        int adminIndex = adminIndices[index % adminIndices.length];
-        return new UsernamePrincipal(userPrefix + adminIndex);
-    }
-  }
-
-  private byte getRequiredRole(final OperationCode[] opCodes, final String[] regionNames) {
-    byte roleType = ADMIN_ROLE;
-    boolean requiresReader = true;
-    boolean requiresWriter = true;
-    boolean requiresQuery = true;
-
-    for (int opNum = 0; opNum < opCodes.length; opNum++) {
-      final OperationCode opCode = opCodes[opNum];
-      if (requiresReader && !readerOpsSet.contains(opCode)) {
-        requiresReader = false;
-      }
-      if (requiresWriter && !writerOpsSet.contains(opCode)) {
-        requiresWriter = false;
-      }
-      if (requiresQuery && !queryOpsSet.contains(opCode)) {
-        requiresQuery = false;
-      }
-    }
-
-    if (requiresReader) {
-      roleType = READER_ROLE;
-
-    } else if (requiresWriter) {
-      roleType = WRITER_ROLE;
-
-    } else if (requiresQuery) {
-      if (regionNames != null && regionNames.length > 0) {
-        for (int index = 0; index < regionNames.length; index++) {
-          final String regionName = XmlAuthorization.normalizeRegionName(regionNames[index]);
-          if (requiresQuery && !queryRegionSet.contains(regionName)) {
-            requiresQuery = false;
-            break;
-          }
-        }
-        if (requiresQuery) {
-          roleType = QUERY_ROLE;
-        }
-      }
-    }
-
-    return roleType;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthenticator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthenticator.java
deleted file mode 100755
index f086b67..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthenticator.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.security.Principal;
-import java.util.Properties;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-import com.gemstone.gemfire.security.Authenticator;
-
-/**
- * A dummy implementation of the {@link Authenticator} interface that expects a
- * user name and password allowing authentication depending on the format of the
- * user name.
- *
- * @since GemFire 5.5
- */
-public class DummyAuthenticator implements Authenticator {
-
-  public static Authenticator create() {
-    return new DummyAuthenticator();
-  }
-
-  public static boolean checkValidName(final String userName) {
-    return userName.startsWith("user") ||
-           userName.startsWith("reader") ||
-           userName.startsWith("writer") ||
-           userName.equals("admin") ||
-           userName.equals("root") ||
-           userName.equals("administrator");
-  }
-
-  @Override
-  public void init(final Properties securityProperties, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
-  }
-
-  @Override
-  public Principal authenticate(final Properties credentials, final DistributedMember member) throws AuthenticationFailedException {
-    final String userName = credentials.getProperty(UserPasswordAuthInit.USER_NAME);
-    if (userName == null) {
-      throw new AuthenticationFailedException("DummyAuthenticator: user name property [" + UserPasswordAuthInit.USER_NAME + "] not provided");
-    }
-
-    final String password = credentials.getProperty(UserPasswordAuthInit.PASSWORD);
-    if (password == null) {
-      throw new AuthenticationFailedException( "DummyAuthenticator: password property [" + UserPasswordAuthInit.PASSWORD + "] not provided");
-    }
-
-    if (userName.equals(password) && checkValidName(userName)) {
-      return new UsernamePrincipal(userName);
-    } else {
-      throw new AuthenticationFailedException("DummyAuthenticator: Invalid user name [" + userName + "], password supplied.");
-    }
-  }
-
-  @Override
-  public void close() {
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthorization.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthorization.java
deleted file mode 100755
index df08676..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthorization.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Set;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.security.AccessControl;
-import com.gemstone.gemfire.security.NotAuthorizedException;
-
-/**
- * A dummy implementation of the {@code AccessControl} interface that
- * allows authorization depending on the format of the {@code Principal}
- * string.
- * 
- * @since GemFire 5.5
- */
-public class DummyAuthorization implements AccessControl {
-
-  private Set allowedOps;
-  private DistributedMember remoteMember;
-  private LogWriter securityLogWriter;
-
-  public static final OperationCode[] READER_OPS = {
-      OperationCode.GET,
-      OperationCode.QUERY,
-      OperationCode.EXECUTE_CQ,
-      OperationCode.CLOSE_CQ,
-      OperationCode.STOP_CQ,
-      OperationCode.REGISTER_INTEREST,
-      OperationCode.UNREGISTER_INTEREST,
-      OperationCode.KEY_SET,
-      OperationCode.CONTAINS_KEY,
-      OperationCode.EXECUTE_FUNCTION };
-
-  public static final OperationCode[] WRITER_OPS = {
-      OperationCode.PUT,
-      OperationCode.PUTALL,
-      OperationCode.DESTROY,
-      OperationCode.INVALIDATE,
-      OperationCode.REGION_CLEAR };
-
-  public static AccessControl create() {
-    return new DummyAuthorization();
-  }
-
-  public DummyAuthorization() {
-    this.allowedOps = new HashSet(20);
-  }
-
-  @Override
-  public void init(final Principal principal, final DistributedMember remoteMember, final Cache cache) throws NotAuthorizedException {
-    if (principal != null) {
-
-      final String name = principal.getName().toLowerCase();
-
-      if (name != null) {
-
-        if (name.equals("root") || name.equals("admin") || name.equals("administrator")) {
-          addReaderOps();
-          addWriterOps();
-          this.allowedOps.add(OperationCode.REGION_CREATE);
-          this.allowedOps.add(OperationCode.REGION_DESTROY);
-
-        } else if (name.startsWith("writer")) {
-          addWriterOps();
-
-        } else if (name.startsWith("reader")) {
-          addReaderOps();
-        }
-
-      }
-    }
-
-    this.remoteMember = remoteMember;
-    this.securityLogWriter = cache.getSecurityLogger();
-  }
-
-  @Override
-  public boolean authorizeOperation(String regionName, OperationContext context) {
-    final OperationCode opCode = context.getOperationCode();
-    this.securityLogWriter.fine("Invoked authorize operation for [" + opCode + "] in region [" + regionName + "] for client: " + remoteMember);
-    return this.allowedOps.contains(opCode);
-  }
-
-  @Override
-  public void close() {
-    this.allowedOps.clear();
-  }
-
-  private void addReaderOps() {
-    for (int index = 0; index < READER_OPS.length; index++) {
-      this.allowedOps.add(READER_OPS[index]);
-    }
-  }
-
-  private void addWriterOps() {
-    for (int index = 0; index < WRITER_OPS.length; index++) {
-      this.allowedOps.add(WRITER_OPS[index]);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/FunctionSecurityPrmsHolder.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/FunctionSecurityPrmsHolder.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/FunctionSecurityPrmsHolder.java
deleted file mode 100755
index 275a4ad..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/FunctionSecurityPrmsHolder.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.util.Set;
-
-/**
- * This is a sample class for objects which hold information of the authorized
- * function names and authorized value for the {@code optimizeForWrite}.
- * 
- * @since GemFire 6.0
- */
-public class FunctionSecurityPrmsHolder {
-
-  private final Boolean optimizeForWrite;
-  private final Set<String> functionIds;
-  private final Set<String> keySet;
-
-  public FunctionSecurityPrmsHolder(final Boolean optimizeForWrite, final Set<String> functionIds, final Set<String> keySet) {
-    this.optimizeForWrite = optimizeForWrite;
-    this.functionIds = functionIds;
-    this.keySet = keySet;
-  }
-
-  public Boolean isOptimizeForWrite() {
-    return this.optimizeForWrite;
-  }
-
-  public Set<String> getFunctionIds() {
-    return this.functionIds;
-  }
-
-  public Set<String> getKeySet() {
-    return this.keySet;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/LdapUserAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/LdapUserAuthenticator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/LdapUserAuthenticator.java
deleted file mode 100755
index a9e875e..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/LdapUserAuthenticator.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.security.Principal;
-import java.util.Properties;
-import javax.naming.Context;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.InitialDirContext;
-
-import org.apache.logging.log4j.Logger;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-import com.gemstone.gemfire.security.Authenticator;
-
-/**
- * An implementation of {@link Authenticator} that uses LDAP.
- *
- * @since GemFire 5.5
- */
-public class LdapUserAuthenticator implements Authenticator {
-
-  private static final Logger logger = LogService.getLogger();
-
-  public static final String LDAP_SERVER_NAME = "security-ldap-server";
-  public static final String LDAP_BASEDN_NAME = "security-ldap-basedn";
-  public static final String LDAP_SSL_NAME = "security-ldap-usessl";
-
-  private String ldapServer = null;
-  private String baseDomainName = null;
-  private String ldapUrlScheme = null;
-
-  public static Authenticator create() {
-    return new LdapUserAuthenticator();
-  }
-
-  @Override
-  public void init(final Properties securityProps, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
-    logger.info("Initializing LdapUserAuthenticator with {}", securityProps);
-
-    this.ldapServer = securityProps.getProperty(LDAP_SERVER_NAME);
-    if (this.ldapServer == null || this.ldapServer.length() == 0) {
-      throw new AuthenticationFailedException("LdapUserAuthenticator: LDAP server property [" + LDAP_SERVER_NAME + "] not specified");
-    }
-
-    this.baseDomainName = securityProps.getProperty(LDAP_BASEDN_NAME);
-    if (this.baseDomainName == null || this.baseDomainName.length() == 0) {
-      throw new AuthenticationFailedException("LdapUserAuthenticator: LDAP base DN property [" + LDAP_BASEDN_NAME + "] not specified");
-    }
-
-    final String sslName = securityProps.getProperty(LDAP_SSL_NAME);
-    if (sslName != null && sslName.toLowerCase().equals("true")) {
-      this.ldapUrlScheme = "ldaps://";
-    } else {
-      this.ldapUrlScheme = "ldap://";
-    }
-  }
-
-  @Override
-  public Principal authenticate(final Properties credentials, final DistributedMember member) {
-    final String userName = credentials.getProperty(UserPasswordAuthInit.USER_NAME);
-    if (userName == null) {
-      throw new AuthenticationFailedException("LdapUserAuthenticator: user name property [" + UserPasswordAuthInit.USER_NAME + "] not provided");
-    }
-
-    String password = credentials.getProperty(UserPasswordAuthInit.PASSWORD);
-    if (password == null) {
-      password = "";
-    }
-
-    final Properties env = new Properties();
-    env.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.ldap.LdapCtxFactory.class.getName());
-    env.put(Context.PROVIDER_URL, this.ldapUrlScheme + this.ldapServer + '/' + this.baseDomainName);
-    env.put(Context.SECURITY_PRINCIPAL, "uid=" + userName + "," + this.baseDomainName);
-    env.put(Context.SECURITY_CREDENTIALS, password);
-
-    try {
-      final DirContext ctx = new InitialDirContext(env);
-      ctx.close();
-    } catch (Exception e) {
-      throw new AuthenticationFailedException("LdapUserAuthenticator: Failure with provided username, password combination for user name: " + userName, e);
-    }
-
-    return new UsernamePrincipal(userName);
-  }
-
-  @Override
-  public void close() {
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthInit.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthInit.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthInit.java
deleted file mode 100755
index f58d305..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthInit.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.io.FileInputStream;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.Signature;
-import java.security.cert.X509Certificate;
-import java.util.Properties;
-
-import org.apache.logging.log4j.Logger;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.security.AuthInitialize;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-
-/**
- * An {@link AuthInitialize} implementation that obtains the digital signature
- * for use with PKCS scheme on server from the given set of properties.
- * 
- * To use this class the {@code security-client-auth-init} property should be
- * set to the fully qualified name the static {@code create} function
- * viz. {@code com.gemstone.gemfire.security.templates.PKCSAuthInit.create}
- * 
- * @since GemFire 5.5
- */
-public class PKCSAuthInit implements AuthInitialize {
-
-  private static final Logger logger = LogService.getLogger();
-
-  public static final String KEYSTORE_FILE_PATH = "security-keystorepath";
-  public static final String KEYSTORE_ALIAS = "security-alias";
-  public static final String KEYSTORE_PASSWORD = "security-keystorepass";
-  public static final String SIGNATURE_DATA = "security-signature";
-
-  protected LogWriter systemLogWriter;
-  protected LogWriter securityLogWriter;
-
-  public static AuthInitialize create() {
-    return new PKCSAuthInit();
-  }
-
-  @Override
-  public void init(final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
-    this.systemLogWriter = systemLogWriter;
-    this.securityLogWriter = securityLogWriter;
-  }
-
-  @Override
-  public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
-    final String keyStorePath = securityProperties.getProperty(KEYSTORE_FILE_PATH);
-    if (keyStorePath == null) {
-      throw new AuthenticationFailedException("PKCSAuthInit: key-store file path property [" + KEYSTORE_FILE_PATH + "] not set.");
-    }
-
-    final String alias = securityProperties.getProperty(KEYSTORE_ALIAS);
-    if (alias == null) {
-      throw new AuthenticationFailedException("PKCSAuthInit: key alias name property [" + KEYSTORE_ALIAS + "] not set.");
-    }
-
-    final String keyStorePass = securityProperties.getProperty(KEYSTORE_PASSWORD);
-
-    try {
-      final KeyStore ks = KeyStore.getInstance("PKCS12");
-      final char[] passPhrase = (keyStorePass != null ? keyStorePass.toCharArray() : null);
-      final FileInputStream certificatefile = new FileInputStream(keyStorePath);
-
-      try {
-        ks.load(certificatefile, passPhrase);
-      } finally {
-        certificatefile.close();
-      }
-
-      final Key key = ks.getKey(alias, passPhrase);
-
-      if (key instanceof PrivateKey) {
-        final PrivateKey privKey = (PrivateKey)key;
-        final X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
-        final Signature sig = Signature.getInstance(cert.getSigAlgName());
-
-        sig.initSign(privKey);
-        sig.update(alias.getBytes("UTF-8"));
-        final byte[] signatureBytes = sig.sign();
-
-        final Properties newprops = new Properties();
-        newprops.put(KEYSTORE_ALIAS, alias);
-        newprops.put(SIGNATURE_DATA, signatureBytes);
-        return newprops;
-
-      } else {
-        throw new AuthenticationFailedException("PKCSAuthInit: " + "Failed to load private key from the given file: " + keyStorePath);
-      }
-
-    } catch (Exception ex) {
-      throw new AuthenticationFailedException("PKCSAuthInit: Exception while getting credentials: " + ex, ex);
-    }
-  }
-
-  @Override
-  public void close() {
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthenticator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthenticator.java
deleted file mode 100755
index ac5939d..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthenticator.java
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.io.FileInputStream;
-import java.security.KeyStore;
-import java.security.NoSuchAlgorithmException;
-import java.security.Principal;
-import java.security.Signature;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.security.spec.InvalidKeySpecException;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-
-import org.apache.logging.log4j.Logger;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-import com.gemstone.gemfire.security.Authenticator;
-
-/**
- * An implementation of {@link Authenticator} that uses PKCS.
- */
-public class PKCSAuthenticator implements Authenticator {
-
-  private static final Logger logger = LogService.getLogger();
-
-  public static final String PUBLIC_KEY_FILE = "security-publickey-filepath";
-  public static final String PUBLIC_KEYSTORE_PASSWORD = "security-publickey-pass";
-
-  private String pubKeyFilePath;
-  private String pubKeyPass;
-  private Map aliasCertificateMap;
-
-  private LogWriter systemLogWriter;
-  private LogWriter securityLogWriter;
-
-  public static Authenticator create() {
-    return new PKCSAuthenticator();
-  }
-
-  @Override
-  public void init(final Properties securityProperties, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
-    this.systemLogWriter = systemLogWriter;
-    this.securityLogWriter = securityLogWriter;
-
-    this.pubKeyFilePath = securityProperties.getProperty(PUBLIC_KEY_FILE);
-    if (this.pubKeyFilePath == null) {
-      throw new AuthenticationFailedException("PKCSAuthenticator: property " + PUBLIC_KEY_FILE + " not specified as the public key file.");
-    }
-
-    this.pubKeyPass = securityProperties.getProperty(PUBLIC_KEYSTORE_PASSWORD);
-    this.aliasCertificateMap = new HashMap();
-
-    populateMap();
-  }
-
-  @Override
-  public Principal authenticate(final Properties credentials, final DistributedMember member) throws AuthenticationFailedException {
-    final String alias = (String)credentials.get(PKCSAuthInit.KEYSTORE_ALIAS);
-    if (alias == null || alias.length() <= 0) {
-      throw new AuthenticationFailedException("No alias received");
-    }
-
-    try {
-      final X509Certificate cert = getCertificate(alias);
-      if (cert == null) {
-        throw newException("No certificate found for alias:" + alias);
-      }
-
-      final byte[] signatureBytes = (byte[])credentials.get(PKCSAuthInit.SIGNATURE_DATA);
-      if (signatureBytes == null) {
-        throw newException("signature data property [" + PKCSAuthInit.SIGNATURE_DATA + "] not provided");
-      }
-
-      final Signature sig = Signature.getInstance(cert.getSigAlgName());
-      sig.initVerify(cert);
-      sig.update(alias.getBytes("UTF-8"));
-
-      if (!sig.verify(signatureBytes)) {
-        throw newException("verification of client signature failed");
-      }
-
-      return new PKCSPrincipal(alias);
-
-    } catch (Exception ex) {
-      throw newException(ex.toString(), ex);
-    }
-  }
-
-  @Override
-  public void close() {
-  }
-
-  private void populateMap() {
-    try {
-      final KeyStore keyStore = KeyStore.getInstance("JKS");
-      final char[] passPhrase = this.pubKeyPass != null ? this.pubKeyPass.toCharArray() : null;
-      final FileInputStream keyStoreFile = new FileInputStream(this.pubKeyFilePath);
-
-      try {
-        keyStore.load(keyStoreFile, passPhrase);
-      } finally {
-        keyStoreFile.close();
-      }
-
-      for (Enumeration e = keyStore.aliases(); e.hasMoreElements();) {
-        final Object alias = e.nextElement();
-        final Certificate cert = keyStore.getCertificate((String)alias);
-        if (cert instanceof X509Certificate) {
-          this.aliasCertificateMap.put(alias, cert);
-        }
-      }
-
-    } catch (Exception e) {
-      throw new AuthenticationFailedException("Exception while getting public keys: " + e.getMessage(), e);
-    }
-  }
-
-  private AuthenticationFailedException newException(final String message, final Exception cause) {
-    final String fullMessage = "PKCSAuthenticator: Authentication of client failed due to: " + message;
-    if (cause != null) {
-      return new AuthenticationFailedException(fullMessage, cause);
-    } else {
-      return new AuthenticationFailedException(fullMessage);
-    }
-  }
-
-  private AuthenticationFailedException newException(final String message) {
-    return newException(message, null);
-  }
-
-  private X509Certificate getCertificate(final String alias) throws NoSuchAlgorithmException, InvalidKeySpecException {
-    if (this.aliasCertificateMap.containsKey(alias)) {
-      return (X509Certificate) this.aliasCertificateMap.get(alias);
-    }
-    return null;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipal.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipal.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipal.java
deleted file mode 100755
index 4a6c45e..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipal.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security.templates;
-
-import java.io.Serializable;
-import java.security.Principal;
-
-public class PKCSPrincipal implements Principal, Serializable {
-
-  private final String alias;
-
-  public PKCSPrincipal(final String alias) {
-    this.alias = alias;
-  }
-
-  @Override
-  public String getName() {
-    return this.alias;
-  }
-
-  @Override
-  public String toString() {
-    return this.alias;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipalTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipalTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipalTest.java
deleted file mode 100644
index 95cd99c..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipalTest.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import static org.assertj.core.api.Assertions.*;
-
-import java.io.Serializable;
-
-import org.apache.commons.lang.SerializationUtils;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
-/**
- * Unit tests for {@link PKCSPrincipal}
- */
-@Category({ UnitTest.class, SecurityTest.class })
-public class PKCSPrincipalTest {
-
-  @Test
-  public void isSerializable() throws Exception {
-    assertThat(PKCSPrincipal.class).isInstanceOf(Serializable.class);
-  }
-
-  @Test
-  public void canBeSerialized() throws Exception {
-    String name = "jsmith";
-    PKCSPrincipal instance = new PKCSPrincipal(name);
-
-    PKCSPrincipal cloned = (PKCSPrincipal) SerializationUtils.clone(instance);
-
-    assertThat(cloned.getName()).isEqualTo(name);
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UserPasswordAuthInit.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UserPasswordAuthInit.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UserPasswordAuthInit.java
deleted file mode 100755
index 76c6987..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UserPasswordAuthInit.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.util.Properties;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.security.AuthInitialize;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-
-/**
- * An {@link AuthInitialize} implementation that obtains the user name and
- * password as the credentials from the given set of properties.
- * 
- * To use this class the {@code security-client-auth-init} property should be
- * set to the fully qualified name the static {@code create} method
- * viz. {@code com.gemstone.gemfire.security.templates.UserPasswordAuthInit.create}
- * 
- * @since GemFire 5.5
- */
-public class UserPasswordAuthInit implements AuthInitialize {
-
-  public static final String USER_NAME = "security-username";
-  public static final String PASSWORD = "security-password";
-
-  protected LogWriter systemLogWriter;
-  protected LogWriter securityLogWriter;
-
-  public static AuthInitialize create() {
-    return new UserPasswordAuthInit();
-  }
-
-  @Override
-  public void init(final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
-    this.systemLogWriter = systemLogWriter;
-    this.securityLogWriter = securityLogWriter;
-  }
-
-  @Override
-  public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
-    String userName = securityProperties.getProperty(USER_NAME);
-    if (userName == null) {
-      throw new AuthenticationFailedException("UserPasswordAuthInit: user name property [" + USER_NAME + "] not set.");
-    }
-
-    String password = securityProperties.getProperty(PASSWORD);
-    if (password == null) {
-      password = "";
-    }
-
-    Properties securityPropertiesCopy = new Properties();
-    securityPropertiesCopy.setProperty(USER_NAME, userName);
-    securityPropertiesCopy.setProperty(PASSWORD, password);
-    return securityPropertiesCopy;
-  }
-
-  @Override
-  public void close() {
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UsernamePrincipal.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UsernamePrincipal.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UsernamePrincipal.java
deleted file mode 100755
index 4eefe46..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UsernamePrincipal.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.io.Serializable;
-import java.security.Principal;
-
-/**
- * An implementation of {@link Principal} class for a simple user name.
- * 
- * @since GemFire 5.5
- */
-public class UsernamePrincipal implements Principal, Serializable {
-
-  private final String userName;
-
-  public UsernamePrincipal(final String userName) {
-    this.userName = userName;
-  }
-
-  @Override
-  public String getName() {
-    return this.userName;
-  }
-
-  @Override
-  public String toString() {
-    return this.userName;
-  }
-}



[10/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
deleted file mode 100644
index 3a469ec..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
+++ /dev/null
@@ -1,1930 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.cache30.ClientServerTestCase.*;
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static com.gemstone.gemfire.internal.AvailablePort.*;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.DistributedTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-import static com.gemstone.gemfire.test.dunit.NetworkUtils.*;
-import static com.gemstone.gemfire.test.dunit.Wait.*;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.PrintStream;
-import java.lang.reflect.Field;
-import java.lang.reflect.Modifier;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import java.util.concurrent.Callable;
-
-import javax.net.ServerSocketFactory;
-import javax.net.SocketFactory;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLContextSpi;
-import javax.net.ssl.SSLServerSocketFactory;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-
-import com.gemstone.gemfire.cache.AttributesFactory;
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.CacheFactory;
-import com.gemstone.gemfire.cache.DataPolicy;
-import com.gemstone.gemfire.cache.DynamicRegionFactory;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.RegionAttributes;
-import com.gemstone.gemfire.cache.Scope;
-import com.gemstone.gemfire.cache.client.NoAvailableServersException;
-import com.gemstone.gemfire.cache.client.Pool;
-import com.gemstone.gemfire.cache.client.PoolFactory;
-import com.gemstone.gemfire.cache.client.PoolManager;
-import com.gemstone.gemfire.cache.client.ServerConnectivityException;
-import com.gemstone.gemfire.cache.client.ServerOperationException;
-import com.gemstone.gemfire.cache.client.ServerRefusedConnectionException;
-import com.gemstone.gemfire.cache.client.internal.PoolImpl;
-import com.gemstone.gemfire.cache.client.internal.ProxyCache;
-import com.gemstone.gemfire.cache.execute.Execution;
-import com.gemstone.gemfire.cache.execute.Function;
-import com.gemstone.gemfire.cache.execute.FunctionException;
-import com.gemstone.gemfire.cache.execute.FunctionService;
-import com.gemstone.gemfire.cache.query.Query;
-import com.gemstone.gemfire.cache.query.QueryInvocationTargetException;
-import com.gemstone.gemfire.cache.query.SelectResults;
-import com.gemstone.gemfire.cache.server.CacheServer;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.distributed.Locator;
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.pdx.PdxReader;
-import com.gemstone.gemfire.pdx.PdxSerializable;
-import com.gemstone.gemfire.pdx.PdxWriter;
-import com.gemstone.gemfire.test.dunit.WaitCriterion;
-import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
-
-/**
- * Contains utility methods for setting up servers/clients for authentication
- * and authorization tests.
- *
- * @since GemFire 5.5
- *
- * @deprecated in favor of just writing a test without this class
- */
-@Deprecated
-public final class SecurityTestUtils {
-
-  private final JUnit4DistributedTestCase distributedTestCase = new JUnit4DistributedTestCase() {};
-
-  protected static final int NO_EXCEPTION = 0;
-  protected static final int AUTHREQ_EXCEPTION = 1;
-  protected static final int AUTHFAIL_EXCEPTION = 2;
-  protected static final int CONNREFUSED_EXCEPTION = 3;
-  protected static final int NOTAUTHZ_EXCEPTION = 4;
-  protected static final int OTHER_EXCEPTION = 5;
-  protected static final int NO_AVAILABLE_SERVERS = 6;
-  protected static final int SECURITY_EXCEPTION = 7;
-  // Indicates that AuthReqException may not necessarily be thrown
-  protected static final int NOFORCE_AUTHREQ_EXCEPTION = 16;
-
-  protected static final String REGION_NAME = "AuthRegion";
-  protected static final String[] KEYS = { "key1", "key2", "key3", "key4", "key5", "key6", "key7", "key8" };
-  protected static final String[] VALUES = { "value1", "value2", "value3", "value4", "value5", "value6", "value7", "value8" };
-  protected static final String[] NVALUES = { "nvalue1", "nvalue2", "nvalue3", "nvalue4", "nvalue5", "nvalue6", "nvalue7", "nvalue8" };
-
-  private static final int NUMBER_OF_USERS = 1;
-
-  private static String[] ignoredExceptions = null;
-
-  private static Locator locator = null;
-  private static Cache cache = null;
-  private static Properties currentJavaProps = null;
-  private static String locatorString = null;
-
-  private static Pool pool = null;
-  private static boolean multiUserAuthMode = false;
-
-  private static ProxyCache[] proxyCaches = new ProxyCache[NUMBER_OF_USERS];
-
-  private static Region regionRef = null;
-
-  public SecurityTestUtils(String name) { // TODO: delete
-  }
-
-  /**
-   * @deprecated Please use {@link com.gemstone.gemfire.test.dunit.IgnoredException} instead
-   */
-  private static void addIgnoredExceptions(final String[] expectedExceptions) { // TODO: delete
-    if (expectedExceptions != null) {
-      for (int index = 0; index < expectedExceptions.length; index++) {
-        getLogWriter().info("<ExpectedException action=add>" + expectedExceptions[index] + "</ExpectedException>");
-      }
-    }
-  }
-
-  /**
-   * @deprecated Please use {@link com.gemstone.gemfire.test.dunit.IgnoredException} instead
-   */
-  private static void removeExpectedExceptions(final String[] expectedExceptions) { // TODO: delete
-    if (expectedExceptions != null) {
-      for (int index = 0; index < expectedExceptions.length; index++) {
-        getLogWriter().info("<ExpectedException action=remove>" + expectedExceptions[index] + "</ExpectedException>");
-      }
-    }
-  }
-
-  protected static void setJavaProps(final Properties javaProps) {
-    removeJavaProperties(currentJavaProps);
-    addJavaProperties(javaProps);
-    currentJavaProps = javaProps;
-  }
-
-  protected static ProxyCache getProxyCaches(final int index) {
-    return proxyCaches[index];
-  }
-
-  protected static void initDynamicRegionFactory() {
-    DynamicRegionFactory.get().open(new DynamicRegionFactory.Config(null, null, false, true));
-  }
-
-  protected static int getLocatorPort() {
-    int locatorPort = getRandomAvailablePort(SOCKET);
-    String addr = getIPLiteral();
-    if (locatorString == null) {
-      locatorString = addr + "[" + locatorPort + ']';
-    }
-    else {
-      locatorString += "," + addr + "[" + locatorPort + ']';
-    }
-    return locatorPort;
-  }
-
-  /**
-   * Note that this clears the string after returning for convenience in reusing
-   * for other tests. Hence it should normally be invoked only once for a test.
-   */
-  protected static String getAndClearLocatorString() {
-    String locString = locatorString;
-    locatorString = null;
-    return locString;
-  }
-
-  protected static Properties concatProperties(final Properties[] propsList) {
-    Properties props = new Properties();
-    for (int index = 0; index < propsList.length; ++index) {
-      if (propsList[index] != null) {
-        props.putAll(propsList[index]);
-      }
-    }
-    return props;
-  }
-
-  protected static void registerExpectedExceptions(final String[] expectedExceptions) { // TODO: delete
-    SecurityTestUtils.ignoredExceptions = expectedExceptions;
-  }
-
-  protected static int createCacheServer(String authenticatorFactoryMethodName){
-    Properties authProps = new Properties();
-    authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR, authenticatorFactoryMethodName);
-    return createCacheServer(authProps, null, 0, null, 0, false, NO_EXCEPTION);
-  }
-
-  protected static int createCacheServer(final Properties authProps,
-                                         final Properties javaProps,
-                                         final int locatorPort,
-                                         final String locatorString,
-                                         final int serverPort,
-                                         final int expectedResult)
-  {
-    return createCacheServer(authProps, javaProps, locatorPort, locatorString, serverPort, false, expectedResult);
-  }
-
-  protected static int createCacheServer(Properties authProps,
-                                         final Properties javaProps,
-                                         final int locatorPort,
-                                         final String locatorString,
-                                         final int serverPort,
-                                         final boolean setupDynamicRegionFactory,
-                                         final int expectedResult)
-  {
-    if (authProps == null) {
-      authProps = new Properties();
-    }
-    authProps.setProperty(MCAST_PORT, "0");
-    if (locatorString != null && locatorString.length() > 0) {
-      authProps.setProperty(LOCATORS, locatorString);
-      authProps.setProperty(START_LOCATOR, getIPLiteral() + "[" + locatorPort + ']');
-    }
-    else {
-      authProps.setProperty(LOCATORS, "localhost[" + getDUnitLocatorPort() + "]");
-    }
-    authProps.setProperty(SECURITY_LOG_LEVEL, "finest");
-
-    getLogWriter().info("Set the server properties to: " + authProps);
-    getLogWriter().info("Set the java properties to: " + javaProps);
-
-    SecurityTestUtils tmpInstance = new SecurityTestUtils("temp");
-    try {
-      tmpInstance.createSystem(authProps, javaProps);
-    }
-    catch (AuthenticationRequiredException ex) {
-      if (expectedResult == AUTHREQ_EXCEPTION) {
-        getLogWriter().info("Got expected exception when starting peer: " + ex);
-        return 0;
-      }
-      else {
-        fail("Got unexpected exception when starting peer", ex);
-      }
-
-    }
-    catch (AuthenticationFailedException ex) {
-      if (expectedResult == AUTHFAIL_EXCEPTION) {
-        getLogWriter().info("Got expected exception when starting peer: " + ex);
-        return 0;
-      }
-      else {
-        fail("Got unexpected exception when starting peer", ex);
-      }
-
-    }
-    catch (Exception ex) {
-      fail("Got unexpected exception when starting peer", ex);
-    }
-
-    if (setupDynamicRegionFactory) {
-      initDynamicRegionFactory();
-    }
-
-    tmpInstance.openCache();
-
-    AttributesFactory factory = new AttributesFactory();
-    factory.setScope(Scope.DISTRIBUTED_ACK);
-    factory.setDataPolicy(DataPolicy.REPLICATE);
-
-    RegionAttributes attrs = factory.create();
-
-    Region region = cache.createRegion(REGION_NAME, attrs);
-    int port = serverPort <= 0 ? 0 : serverPort;
-
-    CacheServer server1 = cache.addCacheServer();
-
-    server1.setPort(port);
-    server1.setNotifyBySubscription(true);
-    try {
-      server1.start();
-    }
-    catch (AuthenticationRequiredException ex) {
-      if (expectedResult == AUTHREQ_EXCEPTION) {
-        getLogWriter().info("Got expected exception when starting server: " + ex);
-        return 0;
-      }
-      else {
-        fail("Got unexpected exception when starting server", ex);
-      }
-    }
-    catch (Exception ex) {
-      fail("Got unexpected exception when starting server", ex);
-    }
-
-    return server1.getPort();
-  }
-
-  // 1
-  protected static void createCacheClient(final String authInitModule,
-                                          final Properties authProps,
-                                          final Properties javaProps,
-                                          final int[] ports,
-                                          final int numConnections,
-                                          final int expectedResult)
-  {
-    createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, false, expectedResult);
-  }
-
-  // 2 a
-  protected static void createCacheClient(final String authInitModule,
-                                          final Properties authProps,
-                                          final Properties javaProps,
-                                          final int[] ports,
-                                          final int numConnections,
-                                          final boolean multiUserMode,
-                                          final int expectedResult)
-  {
-    createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, false, multiUserMode, expectedResult);
-  }
-
-  // 3
-  protected static void createCacheClientWithDynamicRegion(final String authInitModule,
-                                                           final Properties authProps,
-                                                           final Properties javaProps,
-                                                           final int[] ports,
-                                                           final int numConnections,
-                                                           final boolean setupDynamicRegionFactory,
-                                                           final int expectedResult)
-  {
-     createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, setupDynamicRegionFactory, false, expectedResult);
-  }
-
-  // 4
-  protected static void createCacheClient(final String authInitModule,
-                                          final Properties authProps,
-                                          final Properties javaProps,
-                                          final int[] ports,
-                                          final int numConnections,
-                                          final boolean setupDynamicRegionFactory,
-                                          final boolean multiUserMode,
-                                          final int expectedResult)
-  {
-    createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, setupDynamicRegionFactory, multiUserMode, true, expectedResult);
-  }
-
-  // 5
-  protected static void createCacheClient(final String authInitModule,
-                                          Properties authProps,
-                                          final Properties javaProps,
-                                          int[] ports,
-                                          final int numConnections,
-                                          final boolean setupDynamicRegionFactory,
-                                          final boolean multiUserMode,
-                                          final boolean subscriptionEnabled,
-                                          final int expectedResult)
-  {
-    multiUserAuthMode = multiUserMode;
-
-    if (authProps == null) {
-      authProps = new Properties();
-    }
-    authProps.setProperty(MCAST_PORT, "0");
-    authProps.setProperty(LOCATORS, "");
-    authProps.setProperty(SECURITY_LOG_LEVEL, "finest");
-    // TODO (ashetkar) Add " && (!multiUserAuthMode)" below.
-    if (authInitModule != null) {
-      authProps.setProperty(SECURITY_CLIENT_AUTH_INIT, authInitModule);
-    }
-
-    SecurityTestUtils tmpInstance = new SecurityTestUtils("temp");
-    tmpInstance.createSystem(authProps, javaProps);
-
-    AttributesFactory factory = new AttributesFactory();
-
-    int[] portsI = new int[ports.length];
-    for (int z = 0; z < ports.length; z++) {
-      portsI[z] = ports[z];
-    }
-
-    try {
-      PoolFactory poolFactory = PoolManager.createFactory();
-      poolFactory.setRetryAttempts(200);
-
-      if (multiUserAuthMode) {
-        poolFactory.setMultiuserAuthentication(multiUserAuthMode);
-        // [sumedh] Why is this false here only to be overridden in ClientServerTestCase.configureConnectionPoolWithNameAndFactory below?
-        // Actually setting it to false causes MultiUserAPIDUnitTest to fail.
-        //poolFactory.setSubscriptionEnabled(false);
-      }
-
-      pool = configureConnectionPoolWithNameAndFactory(factory, getIPLiteral(), portsI, subscriptionEnabled, 0, numConnections, null, null, poolFactory);
-
-      if (setupDynamicRegionFactory) {
-        initClientDynamicRegionFactory(pool.getName());
-      }
-
-      tmpInstance.openCache();
-      try {
-        getLogWriter().info("multi-user mode " + multiUserAuthMode);
-        proxyCaches[0] = (ProxyCache) ((PoolImpl) pool).createAuthenticatedCacheView(authProps);
-        if (!multiUserAuthMode) {
-          fail("Expected a UnsupportedOperationException but got none in single-user mode");
-        }
-
-      }
-      catch (UnsupportedOperationException uoe) {
-        if (!multiUserAuthMode) {
-          getLogWriter().info("Got expected UnsupportedOperationException in single-user mode");
-        }
-        else {
-          fail("Got unexpected exception in multi-user mode ", uoe);
-        }
-      }
-
-      factory.setScope(Scope.LOCAL);
-      if (multiUserAuthMode) {
-        factory.setDataPolicy(DataPolicy.EMPTY);
-      }
-
-      RegionAttributes attrs = factory.create();
-
-      cache.createRegionFactory(attrs).create(REGION_NAME);
-
-//      if (expectedResult != NO_EXCEPTION && expectedResult != NOFORCE_AUTHREQ_EXCEPTION) {
-//        if (!multiUserAuthMode) {
-//          fail("Expected an exception when starting client");
-//        }
-//      }
-
-    }
-    catch (AuthenticationRequiredException ex) {
-      if (expectedResult == AUTHREQ_EXCEPTION || expectedResult == NOFORCE_AUTHREQ_EXCEPTION) {
-        getLogWriter().info("Got expected exception when starting client: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when starting client", ex);
-      }
-
-    }
-    catch (AuthenticationFailedException ex) {
-      if (expectedResult == AUTHFAIL_EXCEPTION) {
-        getLogWriter().info("Got expected exception when starting client: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when starting client", ex);
-      }
-
-    }
-    catch (ServerRefusedConnectionException ex) {
-      if (expectedResult == CONNREFUSED_EXCEPTION) {
-        getLogWriter().info("Got expected exception when starting client: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when starting client", ex);
-      }
-
-    }
-    catch (GemFireSecurityException ex){
-      if(expectedResult == SECURITY_EXCEPTION){
-        getLogWriter().info("Got expected exception when starting client: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when starting client", ex);
-      }
-    }
-    catch (Exception ex) {
-      fail("Got unexpected exception when starting client", ex);
-    }
-  }
-
-  protected static void createCacheClientForMultiUserMode(final int numOfUsers,
-                                                          final String authInitModule,
-                                                          final Properties[] authProps,
-                                                          final Properties javaProps,
-                                                          final int[] ports,
-                                                          final int numConnections,
-                                                          final boolean setupDynamicRegionFactory,
-                                                          final int expectedResult)
-  {
-    createCacheClientForMultiUserMode(numOfUsers, authInitModule, authProps, javaProps, ports, numConnections, setupDynamicRegionFactory, null, expectedResult);
-  }
-
-  protected static void createCacheClientForMultiUserMode(final int numOfUsers,
-                                                          final String authInitModule,
-                                                          final Properties[] authProps,
-                                                          final Properties javaProps,
-                                                          final int[] ports,
-                                                          final int numConnections,
-                                                          final boolean setupDynamicRegionFactory,
-                                                          final String durableClientId,
-                                                          final int expectedResult)
-  {
-    if (numOfUsers < 1) {
-      fail("Number of users cannot be less than one");
-    }
-
-    multiUserAuthMode = true;
-
-    if (numOfUsers != authProps.length) {
-      fail("Number of authProps provided does not match with numOfUsers specified, " + authProps.length);
-    }
-
-    if (authProps[0] == null) {
-      authProps[0] = new Properties();
-    }
-    authProps[0].setProperty(MCAST_PORT, "0");
-    authProps[0].setProperty(LOCATORS, "");
-    authProps[0].setProperty(SECURITY_LOG_LEVEL, "finest");
-
-    Properties props = new Properties();
-
-    if (authInitModule != null) {
-      authProps[0].setProperty(SECURITY_CLIENT_AUTH_INIT, authInitModule);
-      props.setProperty(SECURITY_CLIENT_AUTH_INIT, authInitModule);
-    }
-
-    if (durableClientId != null) {
-      props.setProperty(DURABLE_CLIENT_ID, durableClientId);
-      props.setProperty(DURABLE_CLIENT_TIMEOUT, String.valueOf(DistributionConfig.DEFAULT_DURABLE_CLIENT_TIMEOUT));
-    }
-
-    SecurityTestUtils tmpInstance = new SecurityTestUtils("temp");
-    tmpInstance.createSystem(props, javaProps);
-
-    AttributesFactory factory = new AttributesFactory();
-
-    int[] portsI = new int[ports.length];
-    for (int z = 0; z < ports.length; z++) {
-      portsI[z] = ports[z];
-    }
-
-    try {
-      tmpInstance.openCache();
-
-      PoolFactory poolFactory = PoolManager.createFactory();
-      poolFactory.setRetryAttempts(200);
-      poolFactory.setMultiuserAuthentication(multiUserAuthMode);
-      poolFactory.setSubscriptionEnabled(true);
-
-      pool = configureConnectionPoolWithNameAndFactory(factory, getIPLiteral(), portsI, true, 1, numConnections, null, null, poolFactory);
-
-      if (setupDynamicRegionFactory) {
-        initClientDynamicRegionFactory(pool.getName());
-      }
-
-      proxyCaches = new ProxyCache[numOfUsers];
-      for (int i = 0; i < numOfUsers; i++) {
-        proxyCaches[i] = (ProxyCache) ((PoolImpl) pool).createAuthenticatedCacheView(authProps[i]);
-      }
-
-      factory.setScope(Scope.LOCAL);
-      factory.setDataPolicy(DataPolicy.EMPTY);
-      RegionAttributes attrs = factory.create();
-
-      cache.createRegion(REGION_NAME, attrs);
-
-      if (expectedResult != NO_EXCEPTION && expectedResult != NOFORCE_AUTHREQ_EXCEPTION) {
-        if (!multiUserAuthMode) {
-          fail("Expected an exception when starting client");
-        }
-      }
-
-    }
-    catch (AuthenticationRequiredException ex) {
-      if (expectedResult == AUTHREQ_EXCEPTION || expectedResult == NOFORCE_AUTHREQ_EXCEPTION) {
-        getLogWriter().info("Got expected exception when starting client: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when starting client", ex);
-      }
-
-    }
-    catch (AuthenticationFailedException ex) {
-      if (expectedResult == AUTHFAIL_EXCEPTION) {
-        getLogWriter().info("Got expected exception when starting client: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when starting client", ex);
-      }
-
-    }
-    catch (ServerRefusedConnectionException ex) {
-      if (expectedResult == CONNREFUSED_EXCEPTION) {
-        getLogWriter().info("Got expected exception when starting client: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when starting client", ex);
-      }
-
-    }
-    catch (Exception ex) {
-      fail("Got unexpected exception when starting client", ex);
-    }
-  }
-
-  protected static void createProxyCache(final int[] userIndices, final Properties[] props) {
-    int j = 0;
-    for (int i : userIndices) {
-      proxyCaches[i] = (ProxyCache) ((PoolImpl) pool).createAuthenticatedCacheView(props[j]);
-      j++;
-    }
-  }
-
-  protected static void startLocator(final String name, int port, final Properties extraProps, final Properties javaProps, final String[] expectedExceptions) {
-    try {
-      Properties authProps = new Properties();
-
-      if (extraProps != null) {
-        authProps.putAll(extraProps);
-      }
-      authProps.setProperty(MCAST_PORT, "0");
-      authProps.setProperty(LOCATORS, getIPLiteral() + "[" + port + "]");
-      authProps.setProperty(ENABLE_CLUSTER_CONFIGURATION, "false");
-
-      clearStaticSSLContext();
-
-      setJavaProps(javaProps);
-
-      File logFile = new File(name + "-locator" + port + ".log");
-      FileOutputStream logOut = new FileOutputStream(logFile);
-      PrintStream logStream = new PrintStream(logOut);
-      addIgnoredExceptions(expectedExceptions);
-      logStream.flush();
-
-      locator = Locator.startLocatorAndDS(port, logFile, null, authProps);
-
-    }
-    catch (IOException ex) {
-      fail("While starting locator on port " + port, ex);
-    }
-  }
-
-  protected static void stopLocator(final int port, final String[] expectedExceptions) {
-    try {
-      locator.stop();
-      removeExpectedExceptions(expectedExceptions);
-
-    }
-    catch (Exception ex) {
-      fail("While stopping locator on port " + port, ex);
-    }
-  }
-
-  protected static Cache getCache() {
-    return cache;
-  }
-
-  protected static void waitForCondition(final Callable<Boolean> condition) {
-    waitForCondition(condition, 100, 120);
-  }
-
-  protected static void waitForCondition(final Callable<Boolean> condition, final int sleepMillis, final int numTries) {
-    WaitCriterion ev = new WaitCriterion() {
-      @Override
-      public boolean done() {
-        try {
-          return condition.call();
-        }
-        catch (Exception e) {
-          fail("Unexpected exception", e);
-        }
-        return false; // NOTREACHED
-      }
-
-      @Override
-      public String description() {
-        return null;
-      }
-    };
-    waitForCriterion(ev, sleepMillis * numTries, 200, true);
-  }
-
-  protected static Object getLocalValue(final Region region, final Object key) {
-    Region.Entry entry = region.getEntry(key);
-    return (entry != null ? entry.getValue() : null);
-  }
-
-  protected static void doProxyCacheClose() {
-    for (int i = 0; i < proxyCaches.length; i++) {
-      proxyCaches[i].close();
-    }
-  }
-
-  protected static void doPutAllP() throws Exception {
-    Region region = getCache().getRegion(REGION_NAME);
-    assertNotNull(region);
-
-    Map<String, Employee> map = new LinkedHashMap<>();
-    map.put("1010L", new Employee(1010L, "John", "Doe"));
-
-    region.putAll(map);
-  }
-
-  protected static void doPuts(final int num) {
-    doPutsP(num, NO_EXCEPTION, false);
-  }
-
-  protected static void doPuts(final int num, final int expectedResult) {
-    doPutsP(num, expectedResult, false);
-  }
-
-  protected static void doMultiUserPuts(final int num, final int numOfUsers, final int[] expectedResults) {
-    if (numOfUsers != expectedResults.length) {
-      fail("SecurityTestUtils.doMultiUserPuts(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
-    }
-
-    for (int i = 0; i < numOfUsers; i++) {
-      getLogWriter().info("PUT: MultiUser# " + i);
-      doPutsP(num, i, expectedResults[i], false);
-    }
-  }
-
-  protected static void doGets(final int num) {
-    doGetsP(num, NO_EXCEPTION, false);
-  }
-
-  protected static void doGets(final int num, final int expectedResult) {
-    doGetsP(num, expectedResult, false);
-  }
-
-  protected static void doMultiUserGetAll(final int numOfUsers, final int[] expectedResults) {
-    doMultiUserGetAll(numOfUsers, expectedResults, false);
-  }
-
-  protected static void doMultiUserGetAll(final int numOfUsers, final int[] expectedResults, final boolean useTX) {
-    if (numOfUsers != expectedResults.length) {
-      fail("SecurityTestUtils.doMultiUserGetAll(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
-    }
-
-    for (int i = 0; i < numOfUsers; i++) {
-      getLogWriter().info("GET_ALL" + (useTX ? " in TX" : "") + ": MultiUser# " + i);
-      doGetAllP(i, expectedResults[i], useTX);
-    }
-  }
-
-  protected static void doMultiUserGets(final int num, final int numOfUsers, final int[] expectedResults) {
-    if (numOfUsers != expectedResults.length) {
-      fail("SecurityTestUtils.doMultiUserGets(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
-    }
-
-    for (int i = 0; i < numOfUsers; i++) {
-      getLogWriter().info("GET: MultiUser# " + i);
-      doGetsP(num, i, expectedResults[i], false);
-    }
-  }
-
-  protected static void doMultiUserRegionDestroys(final int numOfUsers, final int[] expectedResults) {
-    if (numOfUsers != expectedResults.length) {
-      fail("SecurityTestUtils.doMultiUserRegionDestroys(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
-    }
-
-    for (int i = numOfUsers - 1; i >= 0; i--) {
-      getLogWriter().info("DESTROY: MultiUser# " + i);
-      doRegionDestroysP(i, expectedResults[i]);
-    }
-  }
-
-  protected static void doMultiUserDestroys(final int num, final int numOfUsers, final int[] expectedResults) {
-    if (numOfUsers != expectedResults.length) {
-      fail("SecurityTestUtils.doMultiUserDestroys(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
-    }
-
-    for (int i = 0; i < numOfUsers; i++) {
-      getLogWriter().info("DESTROY: MultiUser# " + i);
-      doDestroysP(num, i, expectedResults[i]);
-    }
-  }
-
-  protected static void doMultiUserInvalidates(final int num, final int numOfUsers, final int[] expectedResults) {
-    if (numOfUsers != expectedResults.length) {
-      fail("SecurityTestUtils.doMultiUserInvalidates(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
-    }
-
-    for (int i = 0; i < numOfUsers; i++) {
-      getLogWriter().info("INVALIDATE: MultiUser# " + i);
-      doInvalidatesP(num, i, expectedResults[i]);
-    }
-  }
-
-  protected static void doMultiUserContainsKeys(final int num, final int numOfUsers, final int[] expectedResults, final boolean[] results) {
-    if (numOfUsers != expectedResults.length) {
-      fail("SecurityTestUtils.doMultiUserContainsKeys(): numOfUsers = " + numOfUsers + ", but #expected results " + expectedResults.length);
-    }
-
-    if (numOfUsers != results.length) {
-      fail("SecurityTestUtils.doMultiUserContainsKeys(): numOfUsers = " + numOfUsers + ", but #expected output " + results.length);
-    }
-
-    for (int i = 0; i < numOfUsers; i++) {
-      getLogWriter().info("CONTAINS_KEY: MultiUser# " + i);
-      doContainsKeysP(num, i, expectedResults[i], results[i]);
-    }
-  }
-
-  protected static void doMultiUserQueries(final int numOfUsers, final int[] expectedResults, final int valueSize) {
-    if (numOfUsers != expectedResults.length) {
-      fail("SecurityTestUtils.doMultiUserQueries(): numOfUsers = " + numOfUsers + ", but #expected results " + expectedResults.length);
-    }
-
-    for (int i = 0; i < numOfUsers; i++) {
-      getLogWriter().info("QUERY: MultiUser# " + i);
-      doQueriesP(i, expectedResults[i], valueSize);
-    }
-  }
-
-  protected static void doMultiUserFE(final int numOfUsers, final Function function, final int[] expectedResults, final boolean isFailOverCase) {
-    if (numOfUsers != expectedResults.length) {
-      fail("SecurityTestUtils.doMultiUserFE(): numOfUsers = " + numOfUsers + ", but #expected results " + expectedResults.length);
-    }
-
-    for (int i = 0; i < numOfUsers; i++) {
-      getLogWriter().info("FunctionExecute:onRegion MultiUser# " + i);
-      doFunctionExecuteP(i, function, expectedResults[i], "region");
-    }
-
-    for (int i = 0; i < numOfUsers; i++) {
-      getLogWriter().info("FunctionExecute:onServer MultiUser# " + i);
-      doFunctionExecuteP(i, function, expectedResults[i], "server");
-    }
-
-    if (!isFailOverCase) {
-      for (int i = 0; i < numOfUsers; i++) {
-        getLogWriter().info("FunctionExecute:onServers MultiUser# " + i);
-        doFunctionExecuteP(i, function, expectedResults[i], "servers");
-      }
-    }
-  }
-
-  protected static void doMultiUserQueryExecute(final int numOfUsers, final int[] expectedResults, final int result) {
-    if (numOfUsers != expectedResults.length) {
-      fail("SecurityTestUtils.doMultiUserFE(): numOfUsers = " + numOfUsers + ", but #expected results " + expectedResults.length);
-    }
-
-    for (int i = 0; i < numOfUsers; i++) {
-      getLogWriter().info("QueryExecute: MultiUser# " + i);
-      doQueryExecuteP(i, expectedResults[i], result);
-    }
-  }
-
-  protected static void doLocalGets(final int num) {
-    doLocalGetsP(num, false);
-  }
-
-  protected static void doNPuts(final int num) {
-    doPutsP(num, NO_EXCEPTION, true);
-  }
-
-  protected static void doNPuts(final int num, final int expectedResult) {
-    doPutsP(num, expectedResult, true);
-  }
-
-  protected static void doNGets(final int num) {
-    doGetsP(num, NO_EXCEPTION, true);
-  }
-
-  protected static void doNGets(final int num, final int expectedResult) {
-    doGetsP(num, expectedResult, true);
-  }
-
-  protected static void doNLocalGets(final int num) {
-    doLocalGetsP(num, true);
-  }
-
-  protected static void doSimpleGet(final String expectedResult) {
-    if (regionRef != null) {
-      try {
-        regionRef.get("KEY");
-        if (expectedResult != null && expectedResult.endsWith("Exception")) {
-          fail("Expected " + expectedResult + " but found none in doSimpleGet()");
-        }
-
-      }
-      catch (Exception e) {
-        if (!e.getClass().getSimpleName().endsWith(expectedResult)) {
-          fail("Expected " + expectedResult + " but found " + e.getClass().getSimpleName() + " in doSimpleGet()");
-        }
-        else {
-          getLogWriter().fine("Got expected " + e.getClass().getSimpleName() + " in doSimpleGet()");
-        }
-      }
-    }
-  }
-
-  protected static void doSimplePut(final String expectedResult) {
-    if (regionRef != null) {
-      try {
-        regionRef.put("KEY", "VALUE");
-        if (expectedResult != null && expectedResult.endsWith("Exception")) {
-          fail("Expected " + expectedResult + " but found none in doSimplePut()");
-        }
-
-      }
-      catch (Exception e) {
-        if (!e.getClass().getSimpleName().endsWith(expectedResult)) {
-          fail("Expected " + expectedResult + " but found " + e.getClass().getSimpleName() + " in doSimplePut()", e);
-        }
-        else {
-          getLogWriter().fine("Got expected " + e.getClass().getSimpleName() + " in doSimplePut()");
-        }
-      }
-    }
-  }
-
-  /**
-   * This is a hack using reflection to clear the static objects in JSSE since
-   * otherwise changing the javax.* store related properties has no effect
-   * during the course of running dunit suite unless the VMs are restarted.
-   */
-  protected static void clearStaticSSLContext() {
-    ServerSocketFactory defaultServerFact = SSLServerSocketFactory.getDefault();
-
-    // Get the class of this and use reflection to blank out any static SSLContext objects inside
-    Map<Field, Object> contextMap = getSSLFields(defaultServerFact, new Class[] { SSLContext.class, SSLContextSpi.class });
-    makeNullSSLFields(defaultServerFact, contextMap);
-
-    for (Iterator contextObjsIter = contextMap.values().iterator(); contextObjsIter.hasNext(); ) {
-      Object contextObj = contextObjsIter.next();
-      Map<Field, Object> contextObjsMap = getSSLFields(contextObj,
-        new Class[] { TrustManager.class, KeyManager.class, TrustManager[].class, KeyManager[].class });
-      makeNullSSLFields(contextObj, contextObjsMap);
-    }
-
-    makeNullStaticField(SSLServerSocketFactory.class);
-
-    // Do the same for normal SSL socket factory
-    SocketFactory defaultFact = SSLSocketFactory.getDefault();
-    contextMap = getSSLFields(defaultFact, new Class[] { SSLContext.class, SSLContextSpi.class });
-    makeNullSSLFields(defaultFact, contextMap);
-
-    for (Iterator contextObjsIter = contextMap.values().iterator(); contextObjsIter.hasNext(); ) {
-      Object contextObj = contextObjsIter.next();
-      Map<Field, Object> contextObjsMap = getSSLFields(contextObj,
-        new Class[] { TrustManager.class, KeyManager.class, TrustManager[].class, KeyManager[].class });
-      makeNullSSLFields(contextObj, contextObjsMap);
-    }
-
-    makeNullStaticField(SSLSocketFactory.class);
-    makeNullStaticField(SSLContext.class);
-  }
-
-  protected static void closeCache() {
-    removeExpectedExceptions(ignoredExceptions);
-
-    if (cache != null && !cache.isClosed()) {
-      DistributedSystem sys = cache.getDistributedSystem();
-      cache.close();
-      sys.disconnect();
-      cache = null;
-    }
-
-    disconnectFromDS();
-  }
-
-  protected static void closeCache(final Boolean keepAlive) {
-    removeExpectedExceptions(ignoredExceptions);
-
-    if (cache != null && !cache.isClosed()) {
-      DistributedSystem sys = cache.getDistributedSystem();
-      cache.close(keepAlive);
-      sys.disconnect();
-      cache = null;
-    }
-
-    disconnectFromDS();
-  }
-
-  // ------------------------- private static methods -------------------------
-
-  private static void initClientDynamicRegionFactory(final String poolName) {
-    DynamicRegionFactory.get().open(new DynamicRegionFactory.Config(null, poolName, false, true));
-  }
-
-  private static void addJavaProperties(final Properties javaProps) {
-    if (javaProps != null) {
-      for (Iterator iter = javaProps.entrySet().iterator(); iter.hasNext(); ) {
-        Map.Entry entry = (Map.Entry) iter.next();
-        System.setProperty((String) entry.getKey(), (String) entry.getValue());
-      }
-    }
-  }
-
-  private static void removeJavaProperties(final Properties javaProps) {
-    if (javaProps != null) {
-      Properties props = System.getProperties();
-
-      for (Iterator iter = javaProps.keySet().iterator(); iter.hasNext(); ) {
-        props.remove(iter.next());
-      }
-
-      System.setProperties(props);
-    }
-  }
-
-  private static void doPutsP(final int num, final int expectedResult, final boolean newVals) {
-    doPutsP(num, 0, expectedResult, newVals);
-  }
-
-  private static void doPutsP(final int num, final int multiUserIndex, final int expectedResult, final boolean newVals) {
-    assertTrue(num <= KEYS.length);
-    Region region = null;
-
-    try {
-      if (multiUserAuthMode) {
-        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
-        regionRef = region;
-      }
-      else {
-        region = getCache().getRegion(REGION_NAME);
-      }
-      assertNotNull(region);
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing puts: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing puts", ex);
-      }
-    }
-
-    for (int index = 0; index < num; ++index) {
-      try {
-        if (newVals) {
-          region.put(KEYS[index], NVALUES[index]);
-        }
-        else {
-          region.put(KEYS[index], VALUES[index]);
-        }
-        if (expectedResult != NO_EXCEPTION) {
-          fail("Expected a NotAuthorizedException while doing puts");
-        }
-
-      }
-      catch (NoAvailableServersException ex) {
-        if (expectedResult == NO_AVAILABLE_SERVERS) {
-          getLogWriter().info("Got expected NoAvailableServers when doing puts: " + ex.getCause());
-          continue;
-        }
-        else {
-          fail("Got unexpected exception when doing puts", ex);
-        }
-
-      }
-      catch (ServerConnectivityException ex) {
-        if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
-          getLogWriter().info("Got expected NotAuthorizedException when doing puts: " + ex.getCause());
-          continue;
-        }
-
-        if ((expectedResult == AUTHREQ_EXCEPTION) && (ex.getCause() instanceof AuthenticationRequiredException)) {
-          getLogWriter().info("Got expected AuthenticationRequiredException when doing puts: " + ex.getCause());
-          continue;
-        }
-
-        if ((expectedResult == AUTHFAIL_EXCEPTION) && (ex.getCause() instanceof AuthenticationFailedException)) {
-          getLogWriter().info("Got expected AuthenticationFailedException when doing puts: " + ex.getCause());
-          continue;
-        }
-        else if (expectedResult == OTHER_EXCEPTION) {
-          getLogWriter().info("Got expected exception when doing puts: " + ex);
-        }
-        else {
-          fail("Got unexpected exception when doing puts", ex);
-        }
-
-      }
-      catch (Exception ex) {
-        if (expectedResult == OTHER_EXCEPTION) {
-          getLogWriter().info("Got expected exception when doing puts: " + ex);
-        }
-        else {
-          fail("Got unexpected exception when doing puts", ex);
-        }
-      }
-    }
-  }
-
-  private static Map<Field, Object> getSSLFields(final Object obj, final Class[] classes) {
-    Map<Field, Object> resultFields = new HashMap<>();
-    Field[] fields = obj.getClass().getDeclaredFields();
-
-    for (int index = 0; index < fields.length; ++index) {
-      Field field = fields[index];
-
-      try {
-        field.setAccessible(true);
-        Object fieldObj = field.get(obj);
-        boolean isInstance = false;
-
-        for (int classIndex = 0; classIndex < classes.length; ++classIndex) {
-          if ((isInstance = classes[classIndex].isInstance(fieldObj)) == true) {
-            break;
-          }
-        }
-
-        if (isInstance) {
-          resultFields.put(field, fieldObj);
-        }
-
-      }
-      catch (IllegalAccessException ex) {
-        getLogWriter().warning("Exception while getting SSL fields.", ex);
-      }
-    }
-    return resultFields;
-  }
-
-  private static void makeNullSSLFields(final Object obj, final Map<Field, Object> fieldMap) {
-    for (Iterator<Map.Entry<Field, Object>> fieldIter = fieldMap.entrySet().iterator(); fieldIter.hasNext(); ) {
-      Map.Entry<Field, Object> entry = fieldIter.next();
-      Field field = entry.getKey();
-      Object fieldObj = entry.getValue();
-
-      try {
-        field.setAccessible(true);
-        makeNullStaticField(fieldObj.getClass());
-        field.set(obj, null);
-        assertNull(field.get(obj));
-
-      }
-      catch (IllegalAccessException ex) {
-        getLogWriter().warning("Exception while clearing SSL fields.", ex);
-      }
-    }
-  }
-
-  /**
-   * Deal with javax SSL properties
-   */
-  private static void makeNullStaticField(final Class sslClass) {
-    Field[] fields = sslClass.getDeclaredFields();
-    for (int index = 0; index < fields.length; ++index) {
-      Field field = fields[index];
-
-      try {
-        if (Modifier.isStatic(field.getModifiers())) {
-          field.setAccessible(true);
-          if (field.getClass().equals(boolean.class)) {
-            field.setBoolean(null, false);
-            assertFalse(field.getBoolean(null));
-
-          }
-          else if (sslClass.isInstance(field.get(null))) {
-            field.set(null, null);
-            assertNull(field.get(null));
-          }
-        }
-
-      }
-      catch (IllegalAccessException ex) {
-        getLogWriter().warning("Exception while clearing static SSL field.", ex);
-      }
-      catch (ClassCastException ex) {
-        getLogWriter().warning("Exception while clearing static SSL field.", ex);
-      }
-    }
-  }
-
-  private static void doQueryExecuteP(final int multiUserIndex, final int expectedResult, final int expectedValue) {
-    Region region = null;
-    try {
-      if (multiUserAuthMode) {
-        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
-      }
-      else {
-        region = getCache().getRegion(REGION_NAME);
-      }
-      assertNotNull(region);
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when executing query: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when executing query", ex);
-      }
-    }
-
-    try {
-      String queryString = "SELECT DISTINCT * FROM " + region.getFullPath();
-      Query query = null;
-
-      if (multiUserAuthMode) {
-        query = proxyCaches[multiUserIndex].getQueryService().newQuery(queryString);
-      }
-      else {
-        region.getCache().getQueryService().newQuery(queryString);
-      }
-
-      SelectResults result = (SelectResults) query.execute();
-      if (expectedResult != NO_EXCEPTION) {
-        fail("Expected a NotAuthorizedException while executing function");
-      }
-      assertEquals(expectedValue, result.asList().size());
-
-    }
-    catch (NoAvailableServersException ex) {
-      if (expectedResult == NO_AVAILABLE_SERVERS) {
-        getLogWriter().info("Got expected NoAvailableServers when executing query: " + ex.getCause());
-      }
-      else {
-        fail("Got unexpected exception when executing query", ex);
-      }
-
-    }
-    catch (ServerConnectivityException ex) {
-      if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
-        getLogWriter().info("Got expected NotAuthorizedException when executing query: " + ex.getCause());
-      }
-      else if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when executing query: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when executing query", ex);
-      }
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when executing query: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when executing query", ex);
-      }
-    }
-  }
-
-  private static void doFunctionExecuteP(final int multiUserIndex, final Function function, int expectedResult, final String method) {
-    Region region = null;
-    try {
-      if (multiUserAuthMode) {
-        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
-      }
-      else {
-        region = getCache().getRegion(REGION_NAME);
-      }
-      assertNotNull(region);
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when executing function: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when executing function", ex);
-      }
-    }
-
-    try {
-      FunctionService.registerFunction(function);
-      Execution execution = null;
-
-      if ("region".equals(method)) {
-        execution = FunctionService.onRegion(region);
-
-      }
-      else if ("server".equals(method)) {
-        if (multiUserAuthMode) {
-          execution = FunctionService.onServer(proxyCaches[multiUserIndex]);
-        }
-        else {
-          execution = FunctionService.onServer(pool);
-        }
-
-      }
-      else { // if ("servers".equals(method)) {
-        if (multiUserAuthMode) {
-          execution = FunctionService.onServers(proxyCaches[multiUserIndex]);
-        }
-        else {
-          execution = FunctionService.onServers(pool);
-        }
-      }
-
-      execution.execute(function.getId());
-      if (expectedResult != NO_EXCEPTION) {
-        fail("Expected a NotAuthorizedException while executing function");
-      }
-
-    }
-    catch (NoAvailableServersException ex) {
-      if (expectedResult == NO_AVAILABLE_SERVERS) {
-        getLogWriter().info("Got expected NoAvailableServers when executing function: " + ex.getCause());
-      }
-      else {
-        fail("Got unexpected exception when executing function", ex);
-      }
-
-    }
-    catch (ServerConnectivityException ex) {
-      if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
-        getLogWriter().info("Got expected NotAuthorizedException when executing function: " + ex.getCause());
-      }
-      else if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when executing function: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when executing function", ex);
-      }
-
-    }
-    catch (FunctionException ex) {
-      // if NOTAUTHZ_EXCEPTION AND (cause is NotAuthorizedException OR (cause is ServerOperationException AND cause.cause is NotAuthorizedException))
-      if (expectedResult == NOTAUTHZ_EXCEPTION && (ex.getCause() instanceof NotAuthorizedException || (ex.getCause() instanceof ServerOperationException && ex
-        .getCause().getCause() instanceof NotAuthorizedException))) {
-        getLogWriter().info("Got expected NotAuthorizedException when executing function: " + ex.getCause());
-      }
-      else if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when executing function: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when executing function", ex);
-      }
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when executing function: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when executing function", ex);
-      }
-    }
-  }
-
-  private static void doQueriesP(final int multiUserIndex, final int expectedResult, final int expectedValue) {
-    Region region = null;
-    try {
-      if (multiUserAuthMode) {
-        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
-      }
-      else {
-        region = getCache().getRegion(REGION_NAME);
-      }
-      assertNotNull(region);
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing queries: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing queries", ex);
-      }
-    }
-
-    String queryStr = "SELECT DISTINCT * FROM " + region.getFullPath();
-    try {
-      SelectResults queryResults = region.query(queryStr);
-      Set resultSet = queryResults.asSet();
-      assertEquals(expectedValue, resultSet.size());
-      if (expectedResult != NO_EXCEPTION) {
-        fail("Expected a NotAuthorizedException while doing queries");
-      }
-
-    }
-    catch (NoAvailableServersException ex) {
-      if (expectedResult == NO_AVAILABLE_SERVERS) {
-        getLogWriter().info("Got expected NoAvailableServers when doing queries: " + ex.getCause());
-      }
-      else {
-        fail("Got unexpected exception when doing queries", ex);
-      }
-
-    }
-    catch (ServerConnectivityException ex) {
-      if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
-        getLogWriter().info("Got expected NotAuthorizedException when doing queries: " + ex.getCause());
-      }
-      else if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing queries: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing queries", ex);
-      }
-
-    }
-    catch (QueryInvocationTargetException qite) {
-      if ((expectedResult == NOTAUTHZ_EXCEPTION) && (qite.getCause() instanceof NotAuthorizedException)) {
-        getLogWriter().info("Got expected NotAuthorizedException when doing queries: " + qite.getCause());
-      }
-      else if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing queries: " + qite);
-      }
-      else {
-        fail("Got unexpected exception when doing queries", qite);
-      }
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing queries: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing queries", ex);
-      }
-    }
-  }
-
-  private static void doContainsKeysP(final int num, final int multiUserIndex, final int expectedResult, final boolean expectedValue) {
-    assertTrue(num <= KEYS.length);
-
-    Region region = null;
-    try {
-      if (multiUserAuthMode) {
-        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
-      }
-      else {
-        region = getCache().getRegion(REGION_NAME);
-      }
-      assertNotNull(region);
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing containsKey: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing containsKey", ex);
-      }
-    }
-
-    for (int index = 0; index < num; ++index) {
-      boolean result = false;
-
-      try {
-        result = region.containsKeyOnServer(KEYS[index]);
-        if (expectedResult != NO_EXCEPTION) {
-          fail("Expected a NotAuthorizedException while doing containsKey");
-        }
-
-      }
-      catch (NoAvailableServersException ex) {
-        if (expectedResult == NO_AVAILABLE_SERVERS) {
-          getLogWriter().info("Got expected NoAvailableServers when doing containsKey: " + ex.getCause());
-          continue;
-        }
-        else {
-          fail("Got unexpected exception when doing containsKey", ex);
-        }
-
-      }
-      catch (ServerConnectivityException ex) {
-        if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
-          getLogWriter().info("Got expected NotAuthorizedException when doing containsKey: " + ex.getCause());
-          continue;
-        }
-        else if (expectedResult == OTHER_EXCEPTION) {
-          getLogWriter().info("Got expected exception when doing containsKey: " + ex);
-        }
-        else {
-          fail("Got unexpected exception when doing containsKey", ex);
-        }
-
-      }
-      catch (Exception ex) {
-        if (expectedResult == OTHER_EXCEPTION) {
-          getLogWriter().info("Got expected exception when doing containsKey: " + ex);
-        }
-        else {
-          fail("Got unexpected exception when doing containsKey", ex);
-        }
-      }
-
-      assertEquals(expectedValue, result);
-    }
-  }
-
-  private static void doInvalidatesP(final int num, final int multiUserIndex, final int expectedResult) {
-    assertTrue(num <= KEYS.length);
-
-    Region region = null;
-    try {
-      if (multiUserAuthMode) {
-        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
-      }
-      else {
-        region = getCache().getRegion(REGION_NAME);
-      }
-      assertNotNull(region);
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing invalidates: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing invalidates", ex);
-      }
-    }
-
-    for (int index = 0; index < num; ++index) {
-      try {
-        region.invalidate(KEYS[index]);
-        if (expectedResult != NO_EXCEPTION) {
-          fail("Expected a NotAuthorizedException while doing invalidates");
-        }
-
-      }
-      catch (NoAvailableServersException ex) {
-        if (expectedResult == NO_AVAILABLE_SERVERS) {
-          getLogWriter().info("Got expected NoAvailableServers when doing invalidates: " + ex.getCause());
-          continue;
-        }
-        else {
-          fail("Got unexpected exception when doing invalidates", ex);
-        }
-
-      }
-      catch (ServerConnectivityException ex) {
-        if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
-          getLogWriter().info("Got expected NotAuthorizedException when doing invalidates: " + ex.getCause());
-          continue;
-        }
-        else if (expectedResult == OTHER_EXCEPTION) {
-          getLogWriter().info("Got expected exception when doing invalidates: " + ex);
-        }
-        else {
-          fail("Got unexpected exception when doing invalidates", ex);
-        }
-
-      }
-      catch (Exception ex) {
-        if (expectedResult == OTHER_EXCEPTION) {
-          getLogWriter().info("Got expected exception when doing invalidates: " + ex);
-        }
-        else {
-          fail("Got unexpected exception when doing invalidates", ex);
-        }
-      }
-    }
-  }
-
-  private static void doDestroysP(final int num, final int multiUserIndex, final int expectedResult) {
-    assertTrue(num <= KEYS.length);
-
-    Region region = null;
-    try {
-      if (multiUserAuthMode) {
-        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
-      }
-      else {
-        region = getCache().getRegion(REGION_NAME);
-      }
-      assertNotNull(region);
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing destroys: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing destroys", ex);
-      }
-    }
-
-    for (int index = 0; index < num; ++index) {
-      try {
-        region.destroy(KEYS[index]);
-        if (expectedResult != NO_EXCEPTION) {
-          fail("Expected a NotAuthorizedException while doing destroys");
-        }
-
-      }
-      catch (NoAvailableServersException ex) {
-        if (expectedResult == NO_AVAILABLE_SERVERS) {
-          getLogWriter().info("Got expected NoAvailableServers when doing destroys: " + ex.getCause());
-          continue;
-        }
-        else {
-          fail("Got unexpected exception when doing destroys", ex);
-        }
-
-      }
-      catch (ServerConnectivityException ex) {
-        if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
-          getLogWriter().info("Got expected NotAuthorizedException when doing destroys: " + ex.getCause());
-          continue;
-        }
-        else if (expectedResult == OTHER_EXCEPTION) {
-          getLogWriter().info("Got expected exception when doing destroys: " + ex);
-        }
-        else {
-          fail("Got unexpected exception when doing destroys", ex);
-        }
-
-      }
-      catch (Exception ex) {
-        if (expectedResult == OTHER_EXCEPTION) {
-          getLogWriter().info("Got expected exception when doing destroys: " + ex);
-        }
-        else {
-          fail("Got unexpected exception when doing destroys", ex);
-        }
-      }
-    }
-  }
-
-  private static void doRegionDestroysP(final int multiUserIndex, final int expectedResult) {
-    Region region = null;
-    try {
-      if (multiUserAuthMode) {
-        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
-      }
-      else {
-        region = getCache().getRegion(REGION_NAME);
-      }
-      assertNotNull(region);
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing region destroy: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing region destroy", ex);
-      }
-    }
-
-    try {
-      region.destroyRegion();
-      if (expectedResult != NO_EXCEPTION) {
-        fail("Expected a NotAuthorizedException while doing region destroy");
-      }
-
-      if (multiUserAuthMode) {
-        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
-      }
-      else {
-        region = getCache().getRegion(REGION_NAME);
-      }
-      assertNull(region);
-
-    }
-    catch (NoAvailableServersException ex) {
-      if (expectedResult == NO_AVAILABLE_SERVERS) {
-        getLogWriter().info("Got expected NoAvailableServers when doing region destroy: " + ex.getCause());
-      }
-      else {
-        fail("Got unexpected exception when doing region destroy", ex);
-      }
-
-    }
-    catch (ServerConnectivityException ex) {
-      if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
-        getLogWriter().info("Got expected NotAuthorizedException when doing region destroy: " + ex.getCause());
-      }
-      else if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing region destroy: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing region destroy", ex);
-      }
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing region destroy: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing region destroy", ex);
-      }
-    }
-  }
-
-  private static void doLocalGetsP(final int num, final boolean checkNVals) {
-    assertTrue(num <= KEYS.length);
-
-    String[] vals = VALUES;
-    if (checkNVals) {
-      vals = NVALUES;
-    }
-
-    final Region region = getCache().getRegion(REGION_NAME);
-    assertNotNull(region);
-
-    for (int index = 0; index < num; ++index) {
-      final String key = KEYS[index];
-      final String expectedVal = vals[index];
-      waitForCondition(() -> expectedVal.equals(getLocalValue(region, key)), 1000, 30 / num);
-    }
-
-    for (int index = 0; index < num; ++index) {
-      Region.Entry entry = region.getEntry(KEYS[index]);
-      assertNotNull(entry);
-      assertEquals(vals[index], entry.getValue());
-    }
-  }
-
-  private static void doGetAllP(final int multiUserIndex, final int expectedResult, final boolean useTX) {
-    Region region = null;
-    try {
-      if (multiUserAuthMode) {
-        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
-      }
-      else {
-        region = getCache().getRegion(REGION_NAME);
-      }
-      assertNotNull(region);
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing getAll: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing getAll", ex);
-      }
-    }
-
-    try {
-      List keys = new ArrayList();
-      keys.add("key1");
-      keys.add("key2");
-
-      if (useTX) {
-        getCache().getCacheTransactionManager().begin();
-      }
-
-      Map entries = region.getAll(keys);
-
-      // Also check getEntry()
-      region.getEntry("key1");
-
-      if (useTX) {
-        getCache().getCacheTransactionManager().commit();
-      }
-
-      assertNotNull(entries);
-
-      if ((expectedResult == NOTAUTHZ_EXCEPTION)) {
-        assertEquals(0, entries.size());
-      }
-      else if ((expectedResult == NO_EXCEPTION)) {
-        assertEquals(2, entries.size());
-        assertEquals("value1", entries.get("key1"));
-        assertEquals("value2", entries.get("key2"));
-      }
-
-    }
-    catch (NoAvailableServersException ex) {
-      if (expectedResult == NO_AVAILABLE_SERVERS) {
-        getLogWriter().info("Got expected NoAvailableServers when doing getAll: " + ex.getCause());
-      }
-      else {
-        fail("Got unexpected exception when doing getAll", ex);
-      }
-
-    }
-    catch (ServerConnectivityException ex) {
-      if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
-        getLogWriter().info("Got expected NotAuthorizedException when doing getAll: " + ex.getCause());
-      }
-      else if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing getAll: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing getAll", ex);
-      }
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing getAll: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing getAll", ex);
-      }
-    }
-  }
-
-  private static void doGetsP(final int num, final int expectedResult, final boolean newVals) {
-    doGetsP(num, 0, expectedResult, newVals);
-  }
-
-  private static void doGetsP(final int num, final int multiUserIndex, final int expectedResult, final boolean newVals) {
-    assertTrue(num <= KEYS.length);
-
-    Region region = null;
-    try {
-      if (multiUserAuthMode) {
-        region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
-      }
-      else {
-        region = getCache().getRegion(REGION_NAME);
-      }
-      assertNotNull(region);
-
-    }
-    catch (Exception ex) {
-      if (expectedResult == OTHER_EXCEPTION) {
-        getLogWriter().info("Got expected exception when doing gets: " + ex);
-      }
-      else {
-        fail("Got unexpected exception when doing gets", ex);
-      }
-    }
-
-    for (int index = 0; index < num; ++index) {
-      Object value = null;
-      try {
-
-        try {
-          region.localInvalidate(KEYS[index]);
-        }
-        catch (Exception ex) {
-        }
-
-        value = region.get(KEYS[index]);
-        if (expectedResult != NO_EXCEPTION) {
-          fail("Expected a NotAuthorizedException while doing gets");
-        }
-
-      }
-      catch (NoAvailableServersException ex) {
-        if (expectedResult == NO_AVAILABLE_SERVERS) {
-          getLogWriter().info("Got expected NoAvailableServers when doing gets: " + ex.getCause());
-          continue;
-        }
-        else {
-          fail("Got unexpected exception when doing gets", ex);
-        }
-
-      }
-      catch (ServerConnectivityException ex) {
-        if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
-          getLogWriter().info("Got expected NotAuthorizedException when doing gets: " + ex.getCause());
-          continue;
-        }
-        else if (expectedResult == OTHER_EXCEPTION) {
-          getLogWriter().info("Got expected exception when doing gets: " + ex);
-        }
-        else {
-          fail("Got unexpected exception when doing gets", ex);
-        }
-
-      }
-      catch (Exception ex) {
-        if (expectedResult == OTHER_EXCEPTION) {
-          getLogWriter().info("Got expected exception when doing gets: " + ex);
-        }
-        else {
-          fail("Got unexpected exception when doing gets", ex);
-        }
-      }
-
-      assertNotNull(value);
-
-      if (newVals) {
-        assertEquals(NVALUES[index], value);
-      }
-      else {
-        assertEquals(VALUES[index], value);
-      }
-    }
-  }
-
-  // ----------------------------- member methods -----------------------------
-
-  public DistributedSystem createSystem(final Properties sysProps, final Properties javaProps) {
-    closeCache();
-    clearStaticSSLContext();
-    setJavaProps(javaProps);
-
-    DistributedSystem dsys = distributedTestCase.getSystem(sysProps);
-    assertNotNull(dsys);
-    addIgnoredExceptions(ignoredExceptions);
-    return dsys;
-  }
-
-  private void openCache() {
-    assertNotNull(distributedTestCase.basicGetSystem());
-    assertTrue(distributedTestCase.basicGetSystem().isConnected());
-    cache = CacheFactory.create(distributedTestCase.basicGetSystem());
-    assertNotNull(cache);
-  }
-
-  // ------------------------------- inner classes ----------------------------
-
-  private static class Employee implements PdxSerializable {
-
-    private Long Id;
-    private String fname;
-    private String lname;
-
-    public Employee() {
-    }
-
-    public Employee(Long id, String fn, String ln) {
-      this.Id = id;
-      this.fname = fn;
-      this.lname = ln;
-    }
-
-    /**
-     * For test purpose, to make sure
-     * the object is not deserialized
-     */
-    @Override
-    public void fromData(PdxReader in) {
-      throw new UnsupportedOperationException();
-    }
-
-    @Override
-    public void toData(PdxWriter out) {
-      out.writeLong("Id", Id);
-      out.writeString("fname", fname);
-      out.writeString("lname", lname);
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java b/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java
deleted file mode 100644
index 91d25f0..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/SpySecurityManager.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import java.util.Properties;
-
-import org.apache.geode.security.SecurityManager;
-
-public class SpySecurityManager implements SecurityManager {
-
-  public int initInvoked = 0;
-  public int closeInvoked = 0;
-
-  @Override
-  public void init(final Properties securityProps) {
-    initInvoked++;
-  }
-
-  @Override
-  public Object authenticate(final Properties props) throws AuthenticationFailedException {
-    return null;
-  }
-
-  @Override
-  public void close() {
-    closeInvoked++;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/AuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/AuthzCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/AuthzCredentialGenerator.java
deleted file mode 100755
index 1a99974..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/AuthzCredentialGenerator.java
+++ /dev/null
@@ -1,447 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-import org.apache.logging.log4j.Logger;
-
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.security.AccessControl;
-import com.gemstone.gemfire.security.templates.DummyAuthorization;
-import com.gemstone.gemfire.security.templates.XmlAuthorization;
-
-/**
- * Encapsulates obtaining authorized and unauthorized credentials for a given
- * operation in a region. Implementations will be for different kinds of
- * authorization scheme and authentication scheme combos.
- * 
- * @since GemFire 5.5
- */
-public abstract class AuthzCredentialGenerator {
-  
-  private static final Logger logger = LogService.getLogger();
-
-  /**
-   * The {@link CredentialGenerator} being used.
-   */
-  protected CredentialGenerator generator;
-
-  /**
-   * A set of system properties that should be added to the gemfire system
-   * properties before using the authorization module.
-   */
-  private Properties systemProperties;
-
-  /**
-   * A factory method to create a new instance of an
-   * {@link AuthzCredentialGenerator} for the given {@link ClassCode}. Caller
-   * is supposed to invoke {@link AuthzCredentialGenerator#init} immediately
-   * after obtaining the instance.
-   * 
-   * @param  classCode
-   *         the {@code ClassCode} of the {@code AuthzCredentialGenerator}
-   *         implementation
-   * 
-   * @return an instance of {@code AuthzCredentialGenerator} for the given
-   *         class code
-   */
-  public static AuthzCredentialGenerator create(final ClassCode classCode) {
-    switch (classCode.classType) {
-      case ClassCode.ID_DUMMY:
-        return new DummyAuthzCredentialGenerator();
-      case ClassCode.ID_XML:
-        return new XmlAuthzCredentialGenerator();
-      default:
-        return null;
-    }
-  }
-
-  /**
-   * Initialize the authorized credential generator.
-   * 
-   * @param  generator
-   *         an instance of {@link CredentialGenerator} of the credential
-   *         implementation for which to obtain authorized/unauthorized
-   *         credentials.
-   * 
-   * @return false when the given {@link CredentialGenerator} is incompatible
-   *         with this authorization module.
-   */
-  public boolean init(final CredentialGenerator generator) {
-    this.generator = generator;
-    try {
-      this.systemProperties = init();
-    } catch (IllegalArgumentException ex) {
-      return false;
-    }
-    return true;
-  }
-
-  /**
-   * 
-   * @return A set of extra properties that should be added to Gemfire system
-   *         properties when not null.
-   */
-  public Properties getSystemProperties() {
-    return this.systemProperties;
-  }
-
-  /**
-   * Get the {@link CredentialGenerator} being used by this instance.
-   */
-  public CredentialGenerator getCredentialGenerator() {
-    return this.generator;
-  }
-
-  /**
-   * Initialize the authorized credential generator.
-   *
-   * Required to be implemented by concrete classes that implement this abstract
-   * class.
-   *
-   * @return A set of extra properties that should be added to Gemfire system
-   *         properties when not null.
-   *
-   * @throws IllegalArgumentException when the {@link CredentialGenerator} is
-   *         incompatible with this authorization module.
-   */
-  protected abstract Properties init() throws IllegalArgumentException;
-
-  /**
-   * The {@link ClassCode} of the particular implementation.
-   * 
-   * @return the {@code ClassCode}
-   */
-  public abstract ClassCode classCode();
-
-  /**
-   * The name of the {@link AccessControl} factory function that should be used
-   * as the authorization module on the server side.
-   * 
-   * @return name of the {@code AccessControl} factory function
-   */
-  public abstract String getAuthorizationCallback();
-
-  /**
-   * Get a set of credentials generated using the given index allowed to perform
-   * the given {@link OperationCode}s for the given regions.
-   * 
-   * @param  opCodes
-   *         the list of {@link OperationCode}s of the operations requiring
-   *         authorization; should not be null
-   * @param  regionNames
-   *         list of the region names requiring authorization; a value of
-   *         null indicates all regions
-   * @param  index
-   *         used to generate multiple such credentials by passing different
-   *         values for this
-   * 
-   * @return the set of credentials authorized to perform the given operation in
-   *         the given regions
-   */
-  public Properties getAllowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int index) {
-    int numTries = getNumPrincipalTries(opCodes, regionNames);
-    if (numTries <= 0) {
-      numTries = 1;
-    }
-
-    for (int tries = 0; tries < numTries; tries++) {
-      final Principal principal = getAllowedPrincipal(opCodes, regionNames, (index + tries) % numTries);
-      try {
-        return this.generator.getValidCredentials(principal);
-      } catch (IllegalArgumentException ex) {
-      }
-    }
-    return null;
-  }
-
-  /**
-   * Get a set of credentials generated using the given index not allowed to
-   * perform the given {@link OperationCode}s for the given regions. The
-   * credentials are required to be valid for authentication.
-   * 
-   * @param  opCodes
-   *         the {@link OperationCode}s of the operations requiring
-   *         authorization failure; should not be null
-   * @param  regionNames
-   *         list of the region names requiring authorization failure; a value
-   *         of null indicates all regions
-   * @param  index
-   *         used to generate multiple such credentials by passing different
-   *         values for this
-   * 
-   * @return the set of credentials that are not authorized to perform the given
-   *         operation in the given region
-   */
-  public Properties getDisallowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int index) {
-    // This may not be very correct since we use the value of
-    // getNumPrincipalTries() but is used to avoid adding another method.
-    // Also something like getNumDisallowedPrincipals() will be normally always
-    // infinite, and the number here is just to perform some number of tries
-    // before giving up.
-
-    int numTries = getNumPrincipalTries(opCodes, regionNames);
-    if (numTries <= 0) {
-      numTries = 1;
-    }
-
-    for (int tries = 0; tries < numTries; tries++) {
-      final Principal principal = getDisallowedPrincipal(opCodes, regionNames, (index + tries) % numTries);
-      try {
-        return this.generator.getValidCredentials(principal);
-      } catch (IllegalArgumentException ex) {
-      }
-    }
-    return null;
-  }
-
-  /**
-   * Get the number of tries to be done for obtaining valid credentials for the
-   * given operations in the given region. It is required that
-   * {@link #getAllowedPrincipal} method returns valid principals for values of
-   * {@code index} from 0 through (n-1) where {@code n} is the
-   * value returned by this method. It is recommended that the principals so
-   * returned be unique for efficiency.
-   * 
-   * This will be used by {@link #getAllowedCredentials} to step through
-   * different principals and obtain a set of valid credentials.
-   * 
-   * Required to be implemented by concrete classes that implement this abstract
-   * class.
-   * 
-   * @param  opCodes
-   *         the {@link OperationCode}s of the operations requiring
-   *         authorization
-   * @param  regionNames
-   *         list of the region names requiring authorization; a value of null
-   *         indicates all regions
-   * 
-   * @return the number of principals allowed to perform the given operation in
-   *         the given region
-   */
-  protected abstract int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames);
-
-  /**
-   * Get a {@link Principal} generated using the given index allowed to perform
-   * the given {@link OperationCode}s for the given region.
-   * 
-   * Required to be implemented by concrete classes that implement this abstract
-   * class.
-   * 
-   * @param  opCodes
-   *         the {@link OperationCode}s of the operations requiring
-   *         authorization
-   * @param  regionNames
-   *         list of the region names requiring authorization; a value of null
-   *         indicates all regions
-   * @param  index
-   *         used to generate multiple such principals by passing different
-   *         values for this
-   * 
-   * @return the {@link Principal} authorized to perform the given operation in
-   *         the given region
-   */
-  protected abstract Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index);
-
-  /**
-   * Get a {@link Principal} generated using the given index not allowed to
-   * perform the given {@link OperationCode}s for the given region.
-   * 
-   * Required to be implemented by concrete classes that implement this abstract
-   * class.
-   * 
-   * @param  opCodes
-   *         the {@link OperationCode}s of the operations requiring
-   *         authorization failure
-   * @param  regionNames
-   *         list of the region names requiring authorization failure; a value
-   *         of null indicates all regions
-   * @param  index
-   *         used to generate multiple such principals by passing different
-   *         values for this
-   * 
-   * @return a {@link Principal} not authorized to perform the given operation
-   *         in the given region
-   */
-  protected abstract Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index);
-
-  /**
-   * Enumeration for various {@link AuthzCredentialGenerator} implementations.
-   *
-   * <p>The following schemes are supported as of now:
-   * <ul>
-   * <li>{@code DummyAuthorization} with {@code DummyAuthenticator}</li>
-   * <li>{@code XMLAuthorization} with {@code DummyAuthenticator}</li>
-   * <li>{@code XMLAuthorization} with {@code LDAPAuthenticator}</li>
-   * <li>{@code XMLAuthorization} with {@code PKCSAuthenticator}</li>
-   * <li>{@code XMLAuthorization} when using SSL sockets</li>
-   * </ul>
-   *
-   * <p>To add a new authorization scheme the following needs to be done:
-   * <ul>
-   * <li>Add implementation for {@link AccessControl}.</li>
-   * <li>Choose the authentication schemes that it shall work with from
-   * {@link CredentialGenerator.ClassCode}</li>
-   * <li>Add a new enumeration value for the scheme in this class. Notice the
-   * size of {@code VALUES} array and increase that if it is getting
-   * overflowed. Note the methods and fields for existing schemes and add for
-   * the new one in a similar manner.</li>
-   * <li>Add an implementation for {@link AuthzCredentialGenerator}. Note the
-   * {@link AuthzCredentialGenerator#init} method where different authentication
-   * schemes can be passed and initialize differently for the authentication
-   * schemes that shall be handled.</li>
-   * <li>Modify the {@link AuthzCredentialGenerator#create} method to add
-   * creation of an instance of the new implementation for the
-   * {@code ClassCode} enumeration value.</li>
-   * </ul>
-   *
-   * <p>All dunit tests will automagically start testing the new implementation
-   * after this.
-   *
-   * @since GemFire 5.5
-   */
-  public static final class ClassCode {
-
-    private static byte nextOrdinal = 0;
-
-    private static final byte ID_DUMMY = 1;
-    private static final byte ID_XML = 2;
-
-    private static final ClassCode[] VALUES = new ClassCode[10];
-    private static final Map CODE_NAME_MAP = new HashMap();
-
-    public static final ClassCode DUMMY = new ClassCode(DummyAuthorization.class.getName() + ".create", ID_DUMMY);
-    public static final ClassCode XML = new ClassCode(XmlAuthorization.class.getName() + ".create", ID_XML);
-
-    /** The name of this class. */
-    private final String name;
-
-    /** byte used as ordinal to represent this class */
-    private final byte ordinal;
-
-    /**
-     * One of the following: ID_DUMMY, ID_LDAP, ID_PKI
-     */
-    private final byte classType;
-
-    /** Creates a new instance of class code. */
-    private ClassCode(final String name, final byte classType) {
-      this.name = name;
-      this.classType = classType;
-      this.ordinal = nextOrdinal++;
-      VALUES[this.ordinal] = this;
-      CODE_NAME_MAP.put(name, this);
-    }
-
-    public boolean isDummy() {
-      return this.classType == ID_DUMMY;
-    }
-
-    public boolean isXml() {
-      return this.classType == ID_XML;
-    }
-
-    /**
-     * Returns the {@code ClassCode} represented by specified ordinal.
-     */
-    public static ClassCode fromOrdinal(final byte ordinal) {
-      return VALUES[ordinal];
-    }
-
-    /**
-     * Returns the {@code ClassCode} represented by specified string.
-     */
-    public static ClassCode parse(final String operationName) {
-      return (ClassCode) CODE_NAME_MAP.get(operationName);
-    }
-
-    /**
-     * Returns all the possible values.
-     */
-    public static List getAll() {
-      final List codes = new ArrayList();
-      for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) {
-        codes.add(iter.next());
-      }
-      return codes;
-    }
-
-    /**
-     * Returns the ordinal for this class code.
-     *
-     * @return the ordinal of this class code.
-     */
-    public byte toOrdinal() {
-      return this.ordinal;
-    }
-
-    /**
-     * Returns a string representation for this class code.
-     *
-     * @return the name of this class code.
-     */
-    @Override
-    public final String toString() {
-      return this.name;
-    }
-
-    /**
-     * Indicates whether other object is same as this one.
-     *
-     * @return true if other object is same as this one.
-     */
-    @Override
-    public final boolean equals(final Object obj) {
-      if (obj == this) {
-        return true;
-      }
-      if (!(obj instanceof ClassCode)) {
-        return false;
-      }
-      final ClassCode other = (ClassCode)obj;
-      return other.ordinal == this.ordinal;
-    }
-
-    /**
-     * Indicates whether other {@code ClassCode} is same as this one.
-     *
-     * @return true if other {@code ClassCode} is same as this one.
-     */
-    public final boolean equals(final ClassCode opCode) {
-      return opCode != null && opCode.ordinal == this.ordinal;
-    }
-
-    /**
-     * Returns a hash code value for this {@code ClassCode} which is the
-     * same as its ordinal.
-     *
-     * @return the ordinal of this {@code ClassCode}.
-     */
-    @Override
-    public final int hashCode() {
-      return this.ordinal;
-    }
-  }
-}



[12/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/GemFireSecurityExceptionTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/GemFireSecurityExceptionTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/GemFireSecurityExceptionTest.java
deleted file mode 100644
index 5aa01ff..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/GemFireSecurityExceptionTest.java
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.googlecode.catchexception.CatchException.*;
-import static org.assertj.core.api.Assertions.*;
-
-import java.io.NotSerializableException;
-import java.io.Serializable;
-import javax.naming.NamingException;
-
-import org.apache.commons.lang.SerializationUtils;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.rules.TestName;
-
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
-/**
- * Unit tests for {@link GemFireSecurityException}.
- */
-@Category({ UnitTest.class, SecurityTest.class })
-public class GemFireSecurityExceptionTest {
-
-  private String message;
-  private String causeMessage;
-  private Object nonSerializableResolvedObj;
-  private NamingException nonSerializableNamingException;
-  private SerializableObject serializableResolvedObj;
-  private NamingException serializableNamingException;
-
-  @Rule
-  public TestName testName = new TestName();
-
-  @Before
-  public void setUp() throws Exception {
-    this.message = testName.getMethodName() + " message";
-    this.causeMessage = testName.getMethodName() + " cause message";
-
-    this.nonSerializableResolvedObj = new Object();
-    this.nonSerializableNamingException = new NamingException(this.causeMessage);
-    this.nonSerializableNamingException.setResolvedObj(this.nonSerializableResolvedObj);
-
-    this.serializableResolvedObj = new SerializableObject(this.testName.getMethodName());
-    this.serializableNamingException = new NamingException(this.causeMessage);
-    this.serializableNamingException.setResolvedObj(this.serializableResolvedObj);
-
-    assertPreConditions();
-  }
-
-  private void assertPreConditions() {
-    catchException(this).clone(this.nonSerializableNamingException);
-    assertThat((Throwable)caughtException()).isNotNull();
-    assertThat((Throwable)caughtException().getCause()).isInstanceOf(NotSerializableException.class);
-
-    catchException(this).clone(this.serializableNamingException);
-    assertThat((Throwable)caughtException()).isNull();
-
-    assertThat(this.nonSerializableResolvedObj).isNotInstanceOf(Serializable.class);
-
-    catchException(this).clone(this.serializableResolvedObj);
-    assertThat((Throwable)caughtException()).isNull();
-  }
-
-  @Test
-  public void isSerializable() throws Exception {
-    assertThat(GemFireSecurityException.class).isInstanceOf(Serializable.class);
-  }
-
-  @Test
-  public void serializes() throws Exception {
-    GemFireSecurityException instance = new GemFireSecurityException(this.message);
-
-    GemFireSecurityException cloned = (GemFireSecurityException) SerializationUtils.clone(instance);
-
-    assertThat(cloned).hasMessage(this.message);
-  }
-
-  @Test
-  public void serializesWithThrowable() throws Exception {
-    Throwable cause = new Exception(this.causeMessage);
-    GemFireSecurityException instance = new GemFireSecurityException(this.message, cause);
-
-    GemFireSecurityException cloned = (GemFireSecurityException) SerializationUtils.clone(instance);
-
-    assertThat(cloned).hasMessage(this.message).hasCause(cause);
-    assertThat(cloned.getCause()).hasMessage(this.causeMessage);
-  }
-
-  @Test
-  public void serializesWithNonSerializableNamingException() throws Exception {
-    GemFireSecurityException instance = new GemFireSecurityException(this.message, this.nonSerializableNamingException);
-
-    GemFireSecurityException cloned = (GemFireSecurityException) SerializationUtils.clone(instance);
-
-    assertThat(cloned).hasMessage(this.message).hasCause(this.nonSerializableNamingException);
-    NamingException cause = (NamingException) cloned.getCause();
-    assertThat(cause).hasMessage(this.causeMessage);
-    assertThat(cause.getResolvedObj()).isNull();
-  }
-
-  @Test
-  public void serializesWithSerializableNamingException() throws Exception {
-    GemFireSecurityException instance = new GemFireSecurityException(this.message, this.serializableNamingException);
-
-    GemFireSecurityException cloned = (GemFireSecurityException) SerializationUtils.clone(instance);
-
-    assertThat(cloned).hasMessage(this.message).hasCause(this.serializableNamingException);
-    NamingException cause = (NamingException) cloned.getCause();
-    assertThat(cause).hasMessage(this.causeMessage);
-    assertThat(cause.getResolvedObj()).isNotNull().isEqualTo(this.serializableResolvedObj);
-  }
-
-  @Test
-  public void isSerializableReturnsTrueForSerializableClass() throws Exception {
-    assertThat(new GemFireSecurityException("").isSerializable(this.serializableResolvedObj)).isTrue();
-  }
-
-  @Test
-  public void isSerializableReturnsFalseForNonSerializableClass() throws Exception {
-    assertThat(new GemFireSecurityException("").isSerializable(this.nonSerializableResolvedObj)).isFalse();
-  }
-
-  public Object clone(final Serializable object) {
-    return SerializationUtils.clone(object);
-  }
-
-  public static class SerializableObject implements Serializable {
-
-    private String name;
-
-    SerializableObject(String name) {
-      this.name = name;
-    }
-
-    @Override
-    public boolean equals(Object o) {
-      if (this == o) return true;
-      if (o == null || getClass() != o.getClass()) return false;
-
-      SerializableObject that = (SerializableObject) o;
-
-      return name != null ? name.equals(that.name) : that.name == null;
-
-    }
-
-    @Override
-    public int hashCode() {
-      return name != null ? name.hashCode() : 0;
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
deleted file mode 100644
index 73bfcb4..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.googlecode.catchexception.CatchException.*;
-import static org.assertj.core.api.Assertions.*;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.test.dunit.IgnoredException;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientAuthDUnitTest extends AbstractSecureServerDUnitTest {
-
-  @Test
-  public void authWithCorrectPasswordShouldPass() {
-    client1.invoke("logging in super-user with correct password", () -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("super-user", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                 .addPoolServer("localhost", serverPort)
-                                                                                                 .create();
-
-      ClientRegionFactory<String, String> crf = cache.createClientRegionFactory(ClientRegionShortcut.PROXY);
-
-      crf.create(REGION_NAME);
-    });
-  }
-
-  @Test
-  public void authWithIncorrectPasswordShouldFail() {
-    IgnoredException.addIgnoredException(AuthenticationFailedException.class.getName());
-
-    client2.invoke("logging in super-user with wrong password", () -> {
-      AuthenticationFailedException expected = new AuthenticationFailedException("Authentication error. Please check your credentials.");
-
-      catchException(new ClientCacheFactory(createClientProperties("super-user", "wrong")).setPoolSubscriptionEnabled(true)
-                                                                                          .addPoolServer("localhost", serverPort))
-        .create();
-      assertThat((Throwable) caughtException()).hasCause(expected);
-    });
-  }
-}
-
-

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientContainsKeyAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientContainsKeyAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientContainsKeyAuthDistributedTest.java
deleted file mode 100644
index 336cf87..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientContainsKeyAuthDistributedTest.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static org.junit.Assert.*;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.test.dunit.AsyncInvocation;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientContainsKeyAuthDistributedTest extends AbstractSecureServerDUnitTest {
-
-  @Test
-  public void testContainsKey() throws InterruptedException {
-    AsyncInvocation ai1 = client1.invokeAsync(() -> {
-      ClientCache cache = createClientCache("key1User", "1234567", serverPort);
-      final Region region = cache.getRegion(REGION_NAME);
-      assertTrue(region.containsKeyOnServer("key1"));
-      assertNotAuthorized(() -> region.containsKeyOnServer("key3"), "DATA:READ:AuthRegion:key3");
-    });
-
-    AsyncInvocation ai2 = client2.invokeAsync(() -> {
-      ClientCache cache = createClientCache("authRegionReader", "1234567", serverPort);
-      final Region region = cache.getRegion(REGION_NAME);
-      region.containsKeyOnServer("key3");
-      assertTrue(region.containsKeyOnServer("key1"));
-    });
-
-    ai1.join();
-    ai2.join();
-    ai1.checkException();
-    ai2.checkException();
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyInvalidateAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyInvalidateAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyInvalidateAuthDistributedTest.java
deleted file mode 100644
index e811d86..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyInvalidateAuthDistributedTest.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static org.junit.Assert.*;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.test.dunit.AsyncInvocation;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientDestroyInvalidateAuthDistributedTest extends AbstractSecureServerDUnitTest {
-
-  @Test
-  public void testDestroyInvalidate() throws InterruptedException {
-
-    // Delete one key and invalidate another key with an authorized user.
-    AsyncInvocation ai1 = client1.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("dataUser", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                               .addPoolServer("localhost", serverPort)
-                                                                                               .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      assertTrue(region.containsKeyOnServer("key1"));
-
-      // Destroy key1
-      region.destroy("key1");
-      assertFalse(region.containsKeyOnServer("key1"));
-
-      // Invalidate key2
-      assertNotNull("Value of key2 should not be null", region.get("key2"));
-      region.invalidate("key2");
-      assertNull("Value of key2 should have been null", region.get("key2"));
-
-    });
-
-    // Delete one key and invalidate another key with an unauthorized user.
-    AsyncInvocation ai2 = client2.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionReader", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                       .addPoolServer("localhost", serverPort)
-                                                                                                       .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-
-      assertTrue(region.containsKeyOnServer("key3"));
-
-      // Destroy key1
-      assertNotAuthorized(() -> region.destroy("key3"), "DATA:WRITE:AuthRegion");
-      assertTrue(region.containsKeyOnServer("key3"));
-
-      // Invalidate key2
-      assertNotNull("Value of key4 should not be null", region.get("key4"));
-      assertNotAuthorized(() -> region.invalidate("key4"), "DATA:WRITE:AuthRegion");
-      assertNotNull("Value of key4 should not be null", region.get("key4"));
-    });
-
-    ai1.join();
-    ai2.join();
-    ai1.checkException();
-    ai2.checkException();
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyRegionAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyRegionAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyRegionAuthDistributedTest.java
deleted file mode 100644
index adb7c0b..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientDestroyRegionAuthDistributedTest.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static org.assertj.core.api.Assertions.*;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientDestroyRegionAuthDistributedTest extends AbstractSecureServerDUnitTest {
-
-  @Test
-  public void testDestroyRegion() throws InterruptedException {
-    client1.invoke(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("dataWriter", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                 .addPoolServer("localhost", serverPort)
-                                                                                                 .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      assertNotAuthorized(() -> region.destroyRegion(), "DATA:MANAGE");
-    });
-
-    client2.invoke(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionManager", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                        .addPoolServer("localhost", serverPort)
-                                                                                                        .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      assertNotAuthorized(() -> region.destroyRegion(), "DATA:MANAGE");
-    });
-
-    client3.invoke(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("super-user", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                 .addPoolServer("localhost", serverPort)
-                                                                                                 .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      region.destroyRegion();
-      assertThat(region.isDestroyed()).isTrue();
-    });
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientExecuteFunctionAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientExecuteFunctionAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientExecuteFunctionAuthDistributedTest.java
deleted file mode 100644
index bf4b027..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientExecuteFunctionAuthDistributedTest.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.execute.Function;
-import com.gemstone.gemfire.cache.execute.FunctionService;
-import com.gemstone.gemfire.cache.execute.ResultCollector;
-import com.gemstone.gemfire.internal.cache.functions.TestFunction;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientExecuteFunctionAuthDistributedTest extends AbstractSecureServerDUnitTest {
-
-  private final static Function function = new TestFunction(true, TestFunction.TEST_FUNCTION1);
-
-  @Test
-  public void testExecuteRegionFunction() {
-
-    FunctionService.registerFunction(function);
-
-    client1.invoke("logging in with dataReader", () -> {
-      ClientCache cache = createClientCache("dataReader", "1234567", serverPort);
-
-      FunctionService.registerFunction(function);
-      assertNotAuthorized(() -> FunctionService.onServer(cache.getDefaultPool())
-                                               .withArgs(Boolean.TRUE)
-                                               .execute(function.getId()), "DATA:WRITE");
-    });
-
-    client2.invoke("logging in with super-user", () -> {
-      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
-
-      FunctionService.registerFunction(function);
-      ResultCollector rc = FunctionService.onServer(cache.getDefaultPool())
-                                          .withArgs(Boolean.TRUE)
-                                          .execute(function.getId());
-      rc.getResult();
-    });
-  }
-}
-
-

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientExecuteRegionFunctionAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientExecuteRegionFunctionAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientExecuteRegionFunctionAuthDistributedTest.java
deleted file mode 100644
index 08425a0..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientExecuteRegionFunctionAuthDistributedTest.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.execute.Function;
-import com.gemstone.gemfire.cache.execute.FunctionService;
-import com.gemstone.gemfire.cache.execute.ResultCollector;
-import com.gemstone.gemfire.internal.cache.functions.TestFunction;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientExecuteRegionFunctionAuthDistributedTest
-  extends AbstractSecureServerDUnitTest {
-
-  private final static Function function = new TestFunction(true, TestFunction.TEST_FUNCTION1);
-
-  @Test
-  public void testExecuteRegionFunction() {
-
-    FunctionService.registerFunction(function);
-
-    client1.invoke("logging in with dataReader", () -> {
-      ClientCache cache = createClientCache("dataReader", "1234567", serverPort);
-
-      FunctionService.registerFunction(function);
-      assertNotAuthorized(() -> FunctionService.onRegion(cache.getRegion(REGION_NAME))
-                                               .withArgs(Boolean.TRUE)
-                                               .execute(function.getId()), "DATA:WRITE");
-    });
-
-    client2.invoke("logging in with super-user", () -> {
-      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
-
-      FunctionService.registerFunction(function);
-      ResultCollector rc = FunctionService.onRegion(cache.getRegion(REGION_NAME))
-                                          .withArgs(Boolean.TRUE)
-                                          .execute(function.getId());
-      rc.getResult();
-    });
-  }
-}
-
-

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetAllAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetAllAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetAllAuthDistributedTest.java
deleted file mode 100644
index 1931633..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetAllAuthDistributedTest.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.internal.Assert.assertTrue;
-import static org.jgroups.util.Util.*;
-
-import java.util.Arrays;
-import java.util.Map;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientGetAllAuthDistributedTest extends AbstractSecureServerDUnitTest {
-
-  @Test
-  public void testGetAll() {
-    client1.invoke("logging in Stranger", () -> {
-      ClientCache cache = createClientCache("stranger", "1234567", serverPort);
-
-      Region region = cache.getRegion(REGION_NAME);
-      Map emptyMap = region.getAll(Arrays.asList("key1", "key2", "key3", "key4"));
-      assertTrue(emptyMap.isEmpty());
-    });
-
-    client2.invoke("logging in authRegionReader", () -> {
-      ClientCache cache = createClientCache("authRegionReader", "1234567", serverPort);
-
-      Region region = cache.getRegion(REGION_NAME);
-      Map filledMap = region.getAll(Arrays.asList("key1", "key2", "key3", "key4"));
-      assertEquals("Map should contain 4 entries", 4, filledMap.size());
-      assertTrue(filledMap.containsKey("key1"));
-    });
-  }
-}
-
-

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetClientPRMetaDataAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetClientPRMetaDataAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetClientPRMetaDataAuthDistributedTest.java
deleted file mode 100644
index 2f2a013..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetClientPRMetaDataAuthDistributedTest.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.cache.client.internal.ClientMetadataService;
-import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
-import com.gemstone.gemfire.internal.cache.LocalRegion;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientGetClientPRMetaDataAuthDistributedTest
-  extends AbstractSecureServerDUnitTest {
-
-  @Test
-  @Ignore("This is not a supported client message")
-  // this would fail sporadically because ServerConnection.isInternalMessage would return true for this message,
-  // and it won't bind the correct subject on the executing thread.
-  public void testGetClientPartitionAttrCmd() {
-    client1.invoke("logging in stranger", () -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                               .addPoolServer("localhost", serverPort)
-                                                                                               .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-
-      ClientMetadataService service = ((GemFireCacheImpl) cache).getClientMetadataService();
-      assertNotAuthorized(() -> service.getClientPRMetadata((LocalRegion) cache.getRegion(region.getName())), "CLUSTER:READ");
-    });
-
-    client2.invoke("logging in super-user", () -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("super-user", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                 .addPoolServer("localhost", serverPort)
-                                                                                                 .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-
-      ClientMetadataService service = ((GemFireCacheImpl) cache).getClientMetadataService();
-      service.getClientPRMetadata((LocalRegion) cache.getRegion(region.getName()));
-    });
-  }
-}
-
-

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest.java
deleted file mode 100644
index b18ca98..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.internal.GetClientPartitionAttributesOp;
-import com.gemstone.gemfire.cache.client.internal.PoolImpl;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest
-  extends AbstractSecureServerDUnitTest {
-
-  @Test
-  @Ignore("This is not a supported client message")
-  // this would fail sporatically because ServerConnection.isInternalMessage would return true for this message,
-  // and it won't bind the correct subject on the executing thread.
-  public void testGetClientPartitionAttrCmd() {
-    client1.invoke("logging in stranger", () -> {
-      ClientCache cache = createClientCache("stranger", "1234567", serverPort);
-
-      assertNotAuthorized(() -> GetClientPartitionAttributesOp.execute((PoolImpl) cache.getDefaultPool(), REGION_NAME), "CLUSTER:READ");
-    });
-
-    client2.invoke("logging in super-user with correct password", () -> {
-      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
-
-      GetClientPartitionAttributesOp.execute((PoolImpl) cache.getDefaultPool(), REGION_NAME);
-    });
-  }
-}
-
-

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetEntryAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetEntryAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetEntryAuthDistributedTest.java
deleted file mode 100644
index 656659e..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetEntryAuthDistributedTest.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.CacheTransactionManager;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.test.dunit.AsyncInvocation;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientGetEntryAuthDistributedTest extends AbstractSecureServerDUnitTest {
-
-  @Test
-  public void testGetEntry() throws InterruptedException {
-    // client1 connects to server as a user not authorized to do any operations
-
-    AsyncInvocation ai1 = client1.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                               .addPoolServer("localhost", serverPort)
-                                                                                               .create();
-
-      CacheTransactionManager transactionManager = cache.getCacheTransactionManager();
-      transactionManager.begin();
-      try {
-        Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-        assertNotAuthorized(() -> region.getEntry("key3"), "DATA:READ:AuthRegion:key3");
-      } finally {
-        transactionManager.commit();
-      }
-
-    });
-
-    AsyncInvocation ai2 = client2.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionReader", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                       .addPoolServer("localhost", serverPort)
-                                                                                                       .create();
-
-      CacheTransactionManager transactionManager = cache.getCacheTransactionManager();
-      transactionManager.begin();
-      try {
-        Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-        region.getEntry("key3");
-      } finally {
-        transactionManager.commit();
-      }
-
-    });
-
-    ai1.join();
-    ai2.join();
-    ai1.checkException();
-    ai2.checkException();
-
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetPutAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetPutAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetPutAuthDistributedTest.java
deleted file mode 100644
index 6d4374d..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientGetPutAuthDistributedTest.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static org.junit.Assert.*;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.test.dunit.AsyncInvocation;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.FlakyTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class, FlakyTest.class })
-public class IntegratedClientGetPutAuthDistributedTest extends AbstractSecureServerDUnitTest {
-
-  @Test
-  public void testGetPutAuthorization() throws InterruptedException {
-    Map<String, String> allValues = new HashMap<String, String>();
-    allValues.put("key1", "value1");
-    allValues.put("key2", "value2");
-
-    List<String> keys = new ArrayList<>();
-    keys.add("key1");
-    keys.add("key2");
-
-    // client1 connects to server as a user not authorized to do any operations
-    AsyncInvocation ai1 =  client1.invokeAsync(()->{
-      ClientCache cache = createClientCache("stranger", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-
-      assertNotAuthorized(() -> region.put("key3", "value3"), "DATA:WRITE:AuthRegion:key3");
-      assertNotAuthorized(() -> region.get("key3"), "DATA:READ:AuthRegion:key3");
-
-      //putall
-      assertNotAuthorized(() -> region.putAll(allValues), "DATA:WRITE:AuthRegion");
-
-      // not authorized for either keys, get no record back
-      Map keyValues = region.getAll(keys);
-      assertEquals(0, keyValues.size());
-
-      assertNotAuthorized(() -> region.keySetOnServer(), "DATA:READ:AuthRegion");
-    });
-
-
-    // client2 connects to user as a user authorized to use AuthRegion region
-    AsyncInvocation ai2 =  client2.invokeAsync(()->{
-      ClientCache cache = createClientCache("authRegionUser", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-
-      region.put("key3", "value3");
-      assertEquals("value3", region.get("key3"));
-
-      // put all
-      region.putAll(allValues);
-
-      // get all
-      Map keyValues = region.getAll(keys);
-      assertEquals(2, keyValues.size());
-
-      // keyset
-      Set keySet = region.keySetOnServer();
-      assertEquals(5, keySet.size());
-    });
-
-    // client3 connects to user as a user authorized to use key1 in AuthRegion region
-    AsyncInvocation ai3 =  client3.invokeAsync(()->{
-      ClientCache cache = createClientCache("key1User", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-
-      assertNotAuthorized(() -> region.put("key2", "value1"), "DATA:WRITE:AuthRegion:key2");
-      assertNotAuthorized(() -> region.get("key2"), "DATA:READ:AuthRegion:key2");
-
-      assertNotAuthorized(() -> region.putAll(allValues), "DATA:WRITE:AuthRegion");
-
-      // only authorized for one recrod
-      Map keyValues = region.getAll(keys);
-      assertEquals(1, keyValues.size());
-
-      // keyset
-      assertNotAuthorized(() -> region.keySetOnServer(), "DATA:READ:AuthRegion");
-    });
-
-    ai1.join();
-    ai2.join();
-    ai3.join();
-
-    ai1.checkException();
-    ai2.checkException();
-    ai3.checkException();
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegionClearAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegionClearAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegionClearAuthDistributedTest.java
deleted file mode 100644
index 3c5a2ef..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegionClearAuthDistributedTest.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.test.dunit.SerializableRunnable;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientRegionClearAuthDistributedTest extends AbstractSecureServerDUnitTest {
-
-  @Test
-  public void testRegionClear() throws InterruptedException {
-    // Verify that an unauthorized user can't clear the region
-    SerializableRunnable clearUnauthorized = new SerializableRunnable() {
-      @Override
-      public void run() {
-        ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                 .addPoolServer("localhost", serverPort)
-                                                                                                 .create();
-
-        Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-        assertNotAuthorized(() -> region.clear(), "DATA:WRITE:AuthRegion");
-      }
-    };
-    client1.invoke(clearUnauthorized);
-
-    // Verify that an authorized user can clear the region
-    SerializableRunnable clearAuthorized = new SerializableRunnable() {
-      @Override
-      public void run() {
-        ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionUser", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                       .addPoolServer("localhost", serverPort)
-                                                                                                       .create();
-
-        Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-        region.clear();
-      }
-    };
-    client2.invoke(clearAuthorized);
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegisterInterestAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegisterInterestAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegisterInterestAuthDistributedTest.java
deleted file mode 100644
index 8e67ead..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRegisterInterestAuthDistributedTest.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.test.dunit.AsyncInvocation;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientRegisterInterestAuthDistributedTest extends AbstractSecureServerDUnitTest {
-
-  @Test
-  public void testRegisterInterest() throws InterruptedException {
-    // client1 connects to server as a user not authorized to do any operations
-    AsyncInvocation ai1 = client1.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                               .addPoolServer("localhost", serverPort)
-                                                                                               .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      assertNotAuthorized(() -> region.registerInterest("key3"), "DATA:READ:AuthRegion:key3");
-    });
-
-    // client2 connects to user as a user authorized to use AuthRegion region
-    AsyncInvocation ai2 = client2.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionUser", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                     .addPoolServer("localhost", serverPort)
-                                                                                                     .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      region.registerInterest("key3");  //  DATA:READ:AuthRegion:key3;
-    });
-
-    // client3 connects to user as a user authorized to use key1 in AuthRegion region
-    AsyncInvocation ai3 = client3.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("key1User", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                               .addPoolServer("localhost", serverPort)
-                                                                                               .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      assertNotAuthorized(() -> region.registerInterest("key2"), "DATA:READ:AuthRegion:key2");
-    });
-
-    ai1.join();
-    ai2.join();
-    ai3.join();
-
-    ai1.checkException();
-    ai2.checkException();
-    ai3.checkException();
-  }
-
-  @Test
-  public void testRegisterInterestRegex() throws InterruptedException {
-    //client1 connects to server as a user not authorized to do any operations
-    AsyncInvocation ai1 = client1.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                               .addPoolServer("localhost", serverPort)
-                                                                                               .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      assertNotAuthorized(() -> region.registerInterestRegex("key.*"), "DATA:READ:AuthRegion");
-    });
-
-    // client2 connects to user as a user authorized to use AuthRegion region
-    AsyncInvocation ai2 = client2.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionUser", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                     .addPoolServer("localhost", serverPort)
-                                                                                                     .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      region.registerInterestRegex("key[0-9]+");  //  DATA:READ:AuthRegion:key3;
-    });
-
-    // client3 connects to user as a user authorized to use key1 in AuthRegion region
-    AsyncInvocation ai3 = client3.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("key1User", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                               .addPoolServer("localhost", serverPort)
-                                                                                               .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      assertNotAuthorized(() -> region.registerInterestRegex("key[0-9]+"), "DATA:READ:AuthRegion");
-      assertNotAuthorized(() -> region.registerInterestRegex("key1"), "DATA:READ:AuthRegion");
-    });
-
-    ai1.join();
-    ai2.join();
-    ai3.join();
-
-    ai1.checkException();
-    ai2.checkException();
-    ai3.checkException();
-  }
-
-  @Test
-  public void testRegisterInterestList() throws InterruptedException {
-    List<String> keys = new ArrayList<>();
-    keys.add("key1");
-    keys.add("key2");
-
-    //client1 connects to server as a user not authorized to do any operations
-    AsyncInvocation ai1 = client1.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                               .addPoolServer("localhost", serverPort)
-                                                                                               .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      assertNotAuthorized(() -> region.registerInterest(keys), "DATA:READ:AuthRegion");
-    });
-
-    // client2 connects to user as a user authorized to use AuthRegion region
-    AsyncInvocation ai2 = client2.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionUser", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                     .addPoolServer("localhost", serverPort)
-                                                                                                     .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      region.registerInterest(keys);  //  DATA:READ:AuthRegion;
-    });
-
-    // client3 connects to user as a user authorized to use key1 in AuthRegion region
-    AsyncInvocation ai3 = client3.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("key1User", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                               .addPoolServer("localhost", serverPort)
-                                                                                               .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      assertNotAuthorized(() -> region.registerInterest(keys), "DATA:READ:AuthRegion");
-    });
-
-    ai1.join();
-    ai2.join();
-    ai3.join();
-
-    ai1.checkException();
-    ai2.checkException();
-    ai3.checkException();
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRemoveAllAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRemoveAllAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRemoveAllAuthDistributedTest.java
deleted file mode 100644
index 357ed98..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientRemoveAllAuthDistributedTest.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static org.junit.Assert.*;
-
-import java.util.Arrays;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.test.dunit.AsyncInvocation;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientRemoveAllAuthDistributedTest extends AbstractSecureServerDUnitTest {
-
-  @Test
-  public void testRemoveAll() throws InterruptedException {
-
-    AsyncInvocation ai1 = client1.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionReader", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                       .addPoolServer("localhost", serverPort)
-                                                                                                       .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      assertNotAuthorized(() -> region.removeAll(Arrays.asList("key1", "key2", "key3", "key4")), "DATA:WRITE:AuthRegion");
-    });
-
-    AsyncInvocation ai2 = client2.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionWriter", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                       .addPoolServer("localhost", serverPort)
-                                                                                                       .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      region.removeAll(Arrays.asList("key1", "key2", "key3", "key4"));
-      assertFalse(region.containsKey("key1"));
-      assertNotAuthorized(() -> region.containsKeyOnServer("key1"), "DATA:READ:AuthRegion:key1");
-    });
-    ai1.join();
-    ai2.join();
-    ai1.checkException();
-    ai2.checkException();
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java
deleted file mode 100644
index 8ca6995..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientSizeAuthDistributedTest.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.internal.InternalPool;
-import com.gemstone.gemfire.cache.client.internal.SizeOp;
-import com.gemstone.gemfire.test.dunit.AsyncInvocation;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientSizeAuthDistributedTest extends AbstractSecureServerDUnitTest {
-
-  @Test
-  @Ignore("This is not a supported client message")
-  // this would fail sporadically because ServerConnection.isInternalMessage would return true for this message,
-  // and it won't bind the correct subject on the executing thread.
-  public void testSize() throws InterruptedException {
-
-    AsyncInvocation ai1 = client1.invokeAsync(() -> {
-      ClientCache cache = createClientCache("dataWriter", "1234567", serverPort);
-      assertNotAuthorized(() -> SizeOp.execute((InternalPool) cache.getDefaultPool(), REGION_NAME), "DATA:READ:AuthRegion");
-    });
-
-    AsyncInvocation ai2 = client2.invokeAsync(() -> {
-      ClientCache cache = createClientCache("authRegionReader", "1234567", serverPort);
-      SizeOp.execute((InternalPool) cache.getDefaultPool(), REGION_NAME);
-    });
-
-    ai1.join();
-    ai2.join();
-    ai1.checkException();
-    ai2.checkException();
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientUnregisterInterestAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientUnregisterInterestAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientUnregisterInterestAuthDistributedTest.java
deleted file mode 100644
index 14edeb4..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientUnregisterInterestAuthDistributedTest.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.test.dunit.AsyncInvocation;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedClientUnregisterInterestAuthDistributedTest extends AbstractSecureServerDUnitTest {
-
-  @Test
-  public void testUnregisterInterest() throws InterruptedException {
-    // client2 connects to user as a user authorized to use AuthRegion region
-    AsyncInvocation ai1 = client2.invokeAsync(() -> {
-      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionUser", "1234567")).setPoolSubscriptionEnabled(true)
-                                                                                                     .addPoolServer("localhost", serverPort)
-                                                                                                     .create();
-
-      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-      region.registerInterest("key3");
-      region.unregisterInterest("key3");  //  DATA:READ:AuthRegion:key3;
-    });
-    ai1.join();
-    ai1.checkException();
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
deleted file mode 100644
index 2920fd5..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleDistributedTest.java
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static org.assertj.core.api.Assertions.*;
-
-import java.io.IOException;
-import java.util.Properties;
-
-import org.apache.geode.security.templates.SampleSecurityManager;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.server.CacheServer;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.internal.security.IntegratedSecurityService;
-import com.gemstone.gemfire.internal.security.SecurityService;
-import com.gemstone.gemfire.internal.AvailablePortHelper;
-import com.gemstone.gemfire.management.ManagementService;
-import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
-import com.gemstone.gemfire.test.dunit.Host;
-import com.gemstone.gemfire.test.dunit.NetworkUtils;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Ignore("This is broken but fixed on feature/GEODE-1673")
-@Category({DistributedTest.class, SecurityTest.class})
-public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4CacheTestCase {
-
-  private String locators;
-  private VM locator;
-  private SecurityService securityService;
-
-  @Override
-  public final void postSetUp() throws Exception {
-    Host host = Host.getHost(0);
-    locator = host.getVM(0);
-
-    securityService = IntegratedSecurityService.getSecurityService();
-
-    int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
-    int locatorPort = ports[0];
-    int managerPort = ports[1];
-
-    locators =  NetworkUtils.getServerHostName(host) + "[" + locatorPort + "]";
-
-    locator.invoke(() -> {
-      DistributedTestUtils.deleteLocatorStateFile(locatorPort);
-
-      final Properties properties = new Properties();
-      properties.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json");
-      properties.setProperty(LOCATORS, locators);
-      properties.setProperty(MCAST_PORT, "0");
-      properties.setProperty(SECURITY_ENABLED_COMPONENTS, "");
-      properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
-      properties.setProperty(START_LOCATOR, locators);
-      properties.setProperty(JMX_MANAGER, "true");
-      properties.setProperty(JMX_MANAGER_START, "true");
-      properties.setProperty(JMX_MANAGER_PORT, String.valueOf(managerPort));
-      properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
-      getSystem(properties);
-      getCache();
-    });
-  }
-
-  @Test
-  public void initAndCloseTest() throws Exception {
-    connect();
-
-    {
-      ManagementService ms = ManagementService.getExistingManagementService(getCache());
-      assertThat(ms).isNotNull();
-      assertThat(ms.isManager()).isFalse();
-
-      verifyInitCloseInvoked();
-    }
-
-    locator.invoke(() -> {
-      ManagementService ms = ManagementService.getExistingManagementService(getCache());
-      assertThat(ms).isNotNull();
-      assertThat(ms.isManager()).isTrue();
-
-      verifyInitCloseInvoked();
-    });
-  }
-
-  private void connect() throws IOException {
-    final Properties properties = new Properties();
-    properties.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json");
-    properties.setProperty(LOCATORS, locators);
-    properties.setProperty(MCAST_PORT, "0");
-    properties.setProperty(SECURITY_ENABLED_COMPONENTS, "");
-    properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
-    properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
-
-    getSystem(properties);
-
-    CacheServer server1 = getCache().addCacheServer();
-    server1.setPort(0);
-    server1.start();
-
-    getCache();
-  }
-
-  @Override
-  public void postTearDownCacheTestCase() throws Exception {
-    closeAllCache();
-  }
-
-  private void verifyInitCloseInvoked() {
-    SpySecurityManager ssm = (SpySecurityManager) this.securityService.getSecurityManager();
-    assertThat(ssm.initInvoked).isEqualTo(1);
-    getCache().close();
-    assertThat(ssm.closeInvoked).isEqualTo(1);
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
deleted file mode 100644
index 8cb894a..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
-import java.util.Properties;
-
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.CacheFactory;
-import com.gemstone.gemfire.internal.security.IntegratedSecurityService;
-import com.gemstone.gemfire.internal.security.SecurityService;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-@Category({IntegrationTest.class, SecurityTest.class})
-public class IntegratedSecurityCacheLifecycleIntegrationTest {
-
-  private Properties securityProps;
-  private Cache cache;
-  private SecurityService securityService;
-
-  @Before
-  public void before() {
-    securityService = IntegratedSecurityService.getSecurityService();
-
-    securityProps = new Properties();
-    securityProps.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
-
-    Properties props = new Properties();
-    props.putAll(securityProps);
-    props.setProperty(MCAST_PORT, "0");
-    props.setProperty(LOCATORS, "");
-
-    cache = new CacheFactory(props).create();
-  }
-
-  @After
-  public void after() {
-    if (cache != null && !cache.isClosed()) {
-      cache.close();
-    }
-  }
-
-  @Test
-  public void initAndCloseTest () {
-    SpySecurityManager ssm = (SpySecurityManager)securityService.getSecurityManager();
-    assertThat(ssm.initInvoked).isEqualTo(1);
-    cache.close();
-    assertThat(ssm.closeInvoked).isEqualTo(1);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java
deleted file mode 100644
index 7a4830d..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedSecurityPeerAuthDistributedTest.java
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static com.gemstone.gemfire.test.dunit.Invoke.*;
-import static org.assertj.core.api.Assertions.*;
-
-import java.util.Properties;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
-import com.gemstone.gemfire.test.dunit.Host;
-import com.gemstone.gemfire.test.dunit.NetworkUtils;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-import org.apache.geode.security.templates.SampleSecurityManager;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class IntegratedSecurityPeerAuthDistributedTest extends JUnit4CacheTestCase{
-
-  private static SpySecurityManager spySecurityManager;
-
-  private VM locator;
-  private VM server1;
-  private VM server2;
-
-  private String locators;
-
-  @Override
-  public final void postSetUp() throws Exception {
-    Host host = Host.getHost(0);
-    locator = host.getVM(0);
-    server1 = host.getVM(1);
-    server2 = host.getVM(2);
-
-    int locatorPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-    locators =  NetworkUtils.getServerHostName(host) + "[" + locatorPort + "]";
-
-    locator.invoke(() -> {
-      spySecurityManager = new SpySecurityManager();
-
-      DistributedTestUtils.deleteLocatorStateFile(locatorPort);
-
-      final Properties properties = createProperties(locators);
-      properties.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/security/peerAuth.json");
-      properties.setProperty(UserPasswordAuthInit.USER_NAME, "locator1");
-      properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
-      properties.setProperty(START_LOCATOR, locators);
-
-      getSystem(properties);
-      getCache();
-    });
-
-    server1.invoke(()-> {
-      spySecurityManager = new SpySecurityManager();
-
-      final Properties properties = createProperties(locators);
-      properties.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/security/peerAuth.json");
-      properties.setProperty(UserPasswordAuthInit.USER_NAME, "server1");
-      properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
-
-      getSystem(properties);
-      getCache();
-    });
-
-    server2.invoke(()-> {
-      spySecurityManager = new SpySecurityManager();
-
-      final Properties properties = createProperties(locators);
-      properties.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/security/peerAuth.json");
-      properties.setProperty(UserPasswordAuthInit.USER_NAME, "server2");
-      properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
-
-      getSystem(properties);
-      getCache();
-    });
-  }
-
-  @Test
-  public void initAndCloseTest() throws Exception {
-    spySecurityManager = new SpySecurityManager();
-
-    final Properties properties = createProperties(locators);
-    properties.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/security/peerAuth.json");
-    properties.setProperty(UserPasswordAuthInit.USER_NAME, "stranger");
-    properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
-
-    assertThatThrownBy(() -> getSystem(properties)).isExactlyInstanceOf(AuthenticationFailedException.class);
-  }
-
-  @Override
-  public void postTearDownCacheTestCase() throws Exception {
-    closeAllCache();
-    spySecurityManager = null;
-    invokeInEveryVM(() -> { spySecurityManager = null; });
-  }
-
-  private static Properties createProperties(String locators) {
-    Properties allProperties = new Properties();
-    allProperties.setProperty(LOCATORS, locators);
-    allProperties.setProperty(MCAST_PORT, "0");
-    allProperties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
-    allProperties.setProperty(SECURITY_PEER_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
-    allProperties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
-    return allProperties;
-  }
-
-  public static class SpySecurityManager extends SampleSecurityManager {
-
-    static int initInvoked = 0;
-    static int closeInvoked = 0;
-
-    @Override
-    public void init(final Properties securityProps) {
-      initInvoked++;
-      super.init(securityProps);
-    }
-
-    @Override
-    public void close() {
-      closeInvoked++;
-      super.close();
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java b/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
deleted file mode 100644
index d2adffd..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessor.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import java.io.Serializable;
-
-import org.apache.geode.security.PostProcessor;
-
-public class NoShowValue1PostProcessor implements PostProcessor {
-
-  @Override
-  public Object processRegionValue(final Object principal,
-                                   final String regionName,
-                                   final Object key,
-                                   final Object value) {
-    if (value.equals("value1")) {
-      return null;
-    } else {
-      return value;
-    }
-  }
-}



[05/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientRegionClearAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientRegionClearAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientRegionClearAuthDistributedTest.java
new file mode 100644
index 0000000..3c5a2ef
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientRegionClearAuthDistributedTest.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.test.dunit.SerializableRunnable;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientRegionClearAuthDistributedTest extends AbstractSecureServerDUnitTest {
+
+  @Test
+  public void testRegionClear() throws InterruptedException {
+    // Verify that an unauthorized user can't clear the region
+    SerializableRunnable clearUnauthorized = new SerializableRunnable() {
+      @Override
+      public void run() {
+        ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                 .addPoolServer("localhost", serverPort)
+                                                                                                 .create();
+
+        Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+        assertNotAuthorized(() -> region.clear(), "DATA:WRITE:AuthRegion");
+      }
+    };
+    client1.invoke(clearUnauthorized);
+
+    // Verify that an authorized user can clear the region
+    SerializableRunnable clearAuthorized = new SerializableRunnable() {
+      @Override
+      public void run() {
+        ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionUser", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                       .addPoolServer("localhost", serverPort)
+                                                                                                       .create();
+
+        Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+        region.clear();
+      }
+    };
+    client2.invoke(clearAuthorized);
+  }
+}
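Review bot: The new file is added under `org/apache/geode/security/` but still declares `package com.gemstone.gemfire.security;` and imports only `com.gemstone.gemfire.*` classes, so its package no longer matches its directory. Unless a later part of this series updates the declaration, it should read `package org.apache.geode.security;`, with the imports adjusted to wherever the referenced classes now live. Otherwise IDEs and source-path lookups will not resolve the class where they expect it. The same mismatch is visible at the top of the `IntegratedClientRegisterInterestAuthDistributedTest.java` hunk that follows. Because these are authorization tests, a class that silently drops out of the `SecurityTest` category run would remove coverage for the `DATA:WRITE:AuthRegion` denial check without any failure being reported.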

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientRegisterInterestAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientRegisterInterestAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientRegisterInterestAuthDistributedTest.java
new file mode 100644
index 0000000..8e67ead
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientRegisterInterestAuthDistributedTest.java
@@ -0,0 +1,164 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.test.dunit.AsyncInvocation;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientRegisterInterestAuthDistributedTest extends AbstractSecureServerDUnitTest {
+
+  @Test
+  public void testRegisterInterest() throws InterruptedException {
+    // client1 connects to server as a user not authorized to do any operations
+    AsyncInvocation ai1 = client1.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                               .addPoolServer("localhost", serverPort)
+                                                                                               .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      assertNotAuthorized(() -> region.registerInterest("key3"), "DATA:READ:AuthRegion:key3");
+    });
+
+    // client2 connects to user as a user authorized to use AuthRegion region
+    AsyncInvocation ai2 = client2.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionUser", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                     .addPoolServer("localhost", serverPort)
+                                                                                                     .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      region.registerInterest("key3");  //  DATA:READ:AuthRegion:key3;
+    });
+
+    // client3 connects to user as a user authorized to use key1 in AuthRegion region
+    AsyncInvocation ai3 = client3.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("key1User", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                               .addPoolServer("localhost", serverPort)
+                                                                                               .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      assertNotAuthorized(() -> region.registerInterest("key2"), "DATA:READ:AuthRegion:key2");
+    });
+
+    ai1.join();
+    ai2.join();
+    ai3.join();
+
+    ai1.checkException();
+    ai2.checkException();
+    ai3.checkException();
+  }
+
+  @Test
+  public void testRegisterInterestRegex() throws InterruptedException {
+    //client1 connects to server as a user not authorized to do any operations
+    AsyncInvocation ai1 = client1.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                               .addPoolServer("localhost", serverPort)
+                                                                                               .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      assertNotAuthorized(() -> region.registerInterestRegex("key.*"), "DATA:READ:AuthRegion");
+    });
+
+    // client2 connects to user as a user authorized to use AuthRegion region
+    AsyncInvocation ai2 = client2.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionUser", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                     .addPoolServer("localhost", serverPort)
+                                                                                                     .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      region.registerInterestRegex("key[0-9]+");  //  DATA:READ:AuthRegion:key3;
+    });
+
+    // client3 connects to user as a user authorized to use key1 in AuthRegion region
+    AsyncInvocation ai3 = client3.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("key1User", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                               .addPoolServer("localhost", serverPort)
+                                                                                               .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      assertNotAuthorized(() -> region.registerInterestRegex("key[0-9]+"), "DATA:READ:AuthRegion");
+      assertNotAuthorized(() -> region.registerInterestRegex("key1"), "DATA:READ:AuthRegion");
+    });
+
+    ai1.join();
+    ai2.join();
+    ai3.join();
+
+    ai1.checkException();
+    ai2.checkException();
+    ai3.checkException();
+  }
+
+  @Test
+  public void testRegisterInterestList() throws InterruptedException {
+    List<String> keys = new ArrayList<>();
+    keys.add("key1");
+    keys.add("key2");
+
+    //client1 connects to server as a user not authorized to do any operations
+    AsyncInvocation ai1 = client1.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                               .addPoolServer("localhost", serverPort)
+                                                                                               .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      assertNotAuthorized(() -> region.registerInterest(keys), "DATA:READ:AuthRegion");
+    });
+
+    // client2 connects to user as a user authorized to use AuthRegion region
+    AsyncInvocation ai2 = client2.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionUser", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                     .addPoolServer("localhost", serverPort)
+                                                                                                     .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      region.registerInterest(keys);  //  DATA:READ:AuthRegion;
+    });
+
+    // client3 connects to user as a user authorized to use key1 in AuthRegion region
+    AsyncInvocation ai3 = client3.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("key1User", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                               .addPoolServer("localhost", serverPort)
+                                                                                               .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      assertNotAuthorized(() -> region.registerInterest(keys), "DATA:READ:AuthRegion");
+    });
+
+    ai1.join();
+    ai2.join();
+    ai3.join();
+
+    ai1.checkException();
+    ai2.checkException();
+    ai3.checkException();
+  }
+
+}
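Review bot: In `testRegisterInterest`, the `key1User` lambda only asserts the denial for `key2`, so the key-level grant itself is never exercised; a server that rejected every request from `key1User` would still pass. Adding `region.registerInterest("key1");` before the `assertNotAuthorized` call would pin the allow side, assuming the fixture grants that user `DATA:READ:AuthRegion:key1` as the comment above the lambda suggests. In `testRegisterInterestRegex` the trailing comment on the `authRegionUser` call names `DATA:READ:AuthRegion:key3`, while the neighbouring assertions show regex interest being checked at region level; `//  DATA:READ:AuthRegion` would match.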

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientRemoveAllAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientRemoveAllAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientRemoveAllAuthDistributedTest.java
new file mode 100644
index 0000000..357ed98
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientRemoveAllAuthDistributedTest.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static org.junit.Assert.*;
+
+import java.util.Arrays;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.test.dunit.AsyncInvocation;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientRemoveAllAuthDistributedTest extends AbstractSecureServerDUnitTest {
+
+  @Test
+  public void testRemoveAll() throws InterruptedException {
+
+    AsyncInvocation ai1 = client1.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionReader", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                       .addPoolServer("localhost", serverPort)
+                                                                                                       .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      assertNotAuthorized(() -> region.removeAll(Arrays.asList("key1", "key2", "key3", "key4")), "DATA:WRITE:AuthRegion");
+    });
+
+    AsyncInvocation ai2 = client2.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionWriter", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                       .addPoolServer("localhost", serverPort)
+                                                                                                       .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      region.removeAll(Arrays.asList("key1", "key2", "key3", "key4"));
+      assertFalse(region.containsKey("key1"));
+      assertNotAuthorized(() -> region.containsKeyOnServer("key1"), "DATA:READ:AuthRegion:key1");
+    });
+    ai1.join();
+    ai2.join();
+    ai1.checkException();
+    ai2.checkException();
+  }
+
+}
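Review bot: `assertFalse(region.containsKey("key1"))` in the `authRegionWriter` lambda is evaluated against a `ClientRegionShortcut.PROXY` region, which keeps no local entries, so it would hold whether or not the server honoured `removeAll`. The writer cannot look at the server either, as the next line asserts, so the removal is not actually verified anywhere in `testRemoveAll`. After `ai2.join()` a client holding read permission could check `assertFalse(region.containsKeyOnServer("key1"));`. `authRegionReader` looks like a candidate, but its grants are defined outside this hunk.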

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientSizeAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientSizeAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientSizeAuthDistributedTest.java
new file mode 100644
index 0000000..8ca6995
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientSizeAuthDistributedTest.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.internal.InternalPool;
+import com.gemstone.gemfire.cache.client.internal.SizeOp;
+import com.gemstone.gemfire.test.dunit.AsyncInvocation;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientSizeAuthDistributedTest extends AbstractSecureServerDUnitTest {
+
+  @Test
+  @Ignore("This is not a supported client message")
+  // this would fail sporadically because ServerConnection.isInternalMessage would return true for this message,
+  // and it won't bind the correct subject on the executing thread.
+  public void testSize() throws InterruptedException {
+
+    AsyncInvocation ai1 = client1.invokeAsync(() -> {
+      ClientCache cache = createClientCache("dataWriter", "1234567", serverPort);
+      assertNotAuthorized(() -> SizeOp.execute((InternalPool) cache.getDefaultPool(), REGION_NAME), "DATA:READ:AuthRegion");
+    });
+
+    AsyncInvocation ai2 = client2.invokeAsync(() -> {
+      ClientCache cache = createClientCache("authRegionReader", "1234567", serverPort);
+      SizeOp.execute((InternalPool) cache.getDefaultPool(), REGION_NAME);
+    });
+
+    ai1.join();
+    ai2.join();
+    ai1.checkException();
+    ai2.checkException();
+  }
+}
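Review bot: The `@Ignore` reason on `testSize` says the message is unsupported, while the comment below it says the server may treat it as internal and not bind the caller's subject to the executing thread; those are different situations, and only the second is an authorization concern. If a client can still send the size request, then by that comment the permission check runs against whatever subject the thread already carries, and disabling the test removes the only signal for it. I would say so in the reason and point to a tracking issue, e.g. `@Ignore("SizeOp is handled as an internal message without the client's subject bound; see <tracking-issue>")`. The `//` comment would also read better above the annotations than between them and the signature.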

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientUnregisterInterestAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientUnregisterInterestAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientUnregisterInterestAuthDistributedTest.java
new file mode 100644
index 0000000..14edeb4
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientUnregisterInterestAuthDistributedTest.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.test.dunit.AsyncInvocation;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientUnregisterInterestAuthDistributedTest extends AbstractSecureServerDUnitTest {
+
+  @Test
+  public void testUnregisterInterest() throws InterruptedException {
+    // client2 connects to user as a user authorized to use AuthRegion region
+    AsyncInvocation ai1 = client2.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionUser", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                     .addPoolServer("localhost", serverPort)
+                                                                                                     .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      region.registerInterest("key3");
+      region.unregisterInterest("key3");  //  DATA:READ:AuthRegion:key3;
+    });
+    ai1.join();
+    ai1.checkException();
+  }
+}
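Review bot: `testUnregisterInterest` covers only the allowed path for `authRegionUser`, so it would pass even if the server performed no authorization check on unregister at all. A denied case for a user without permissions, run on another client VM, would pin the check. The expected permission string below is taken from the trailing comment in this hunk and should be confirmed against the server-side command. The comment "client2 connects to user as a user" presumably means "connects to server".

```java
    // client1 connects as a user with no permissions; the unregister must be rejected
    AsyncInvocation ai2 = client1.invokeAsync(() -> {
      ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
                                                                                               .addPoolServer("localhost", serverPort)
                                                                                               .create();

      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
      assertNotAuthorized(() -> region.unregisterInterest("key3"), "DATA:READ:AuthRegion:key3");
    });
    // … unchanged: ai1.join() and ai1.checkException() …
    ai2.join();
    ai2.checkException();
```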

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java
new file mode 100644
index 0000000..2920fd5
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleDistributedTest.java
@@ -0,0 +1,134 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.assertj.core.api.Assertions.*;
+
+import java.io.IOException;
+import java.util.Properties;
+
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.server.CacheServer;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.internal.security.IntegratedSecurityService;
+import com.gemstone.gemfire.internal.security.SecurityService;
+import com.gemstone.gemfire.internal.AvailablePortHelper;
+import com.gemstone.gemfire.management.ManagementService;
+import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.NetworkUtils;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Ignore("This is broken but fixed on feature/GEODE-1673")
+@Category({DistributedTest.class, SecurityTest.class})
+public class IntegratedSecurityCacheLifecycleDistributedTest extends JUnit4CacheTestCase {
+
+  private String locators;
+  private VM locator;
+  private SecurityService securityService;
+
+  @Override
+  public final void postSetUp() throws Exception {
+    Host host = Host.getHost(0);
+    locator = host.getVM(0);
+
+    securityService = IntegratedSecurityService.getSecurityService();
+
+    int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
+    int locatorPort = ports[0];
+    int managerPort = ports[1];
+
+    locators =  NetworkUtils.getServerHostName(host) + "[" + locatorPort + "]";
+
+    locator.invoke(() -> {
+      DistributedTestUtils.deleteLocatorStateFile(locatorPort);
+
+      final Properties properties = new Properties();
+      properties.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json");
+      properties.setProperty(LOCATORS, locators);
+      properties.setProperty(MCAST_PORT, "0");
+      properties.setProperty(SECURITY_ENABLED_COMPONENTS, "");
+      properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
+      properties.setProperty(START_LOCATOR, locators);
+      properties.setProperty(JMX_MANAGER, "true");
+      properties.setProperty(JMX_MANAGER_START, "true");
+      properties.setProperty(JMX_MANAGER_PORT, String.valueOf(managerPort));
+      properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
+      getSystem(properties);
+      getCache();
+    });
+  }
+
+  @Test
+  public void initAndCloseTest() throws Exception {
+    connect();
+
+    {
+      ManagementService ms = ManagementService.getExistingManagementService(getCache());
+      assertThat(ms).isNotNull();
+      assertThat(ms.isManager()).isFalse();
+
+      verifyInitCloseInvoked();
+    }
+
+    locator.invoke(() -> {
+      ManagementService ms = ManagementService.getExistingManagementService(getCache());
+      assertThat(ms).isNotNull();
+      assertThat(ms.isManager()).isTrue();
+
+      verifyInitCloseInvoked();
+    });
+  }
+
+  private void connect() throws IOException {
+    final Properties properties = new Properties();
+    properties.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json");
+    properties.setProperty(LOCATORS, locators);
+    properties.setProperty(MCAST_PORT, "0");
+    properties.setProperty(SECURITY_ENABLED_COMPONENTS, "");
+    properties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
+    properties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
+
+    getSystem(properties);
+
+    CacheServer server1 = getCache().addCacheServer();
+    server1.setPort(0);
+    server1.start();
+
+    getCache();
+  }
+
+  @Override
+  public void postTearDownCacheTestCase() throws Exception {
+    closeAllCache();
+  }
+
+  private void verifyInitCloseInvoked() {
+    SpySecurityManager ssm = (SpySecurityManager) this.securityService.getSecurityManager();
+    assertThat(ssm.initInvoked).isEqualTo(1);
+    getCache().close();
+    assertThat(ssm.closeInvoked).isEqualTo(1);
+  }
+}
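Review bot: `verifyInitCloseInvoked()` reads `this.securityService`, but that field is assigned only in the controller JVM in `postSetUp`, and the method is also called from inside `locator.invoke(...)` in `initAndCloseTest`. The lambda therefore depends on the test instance and that field being shipped intact to the locator VM; how dunit serializes it is not visible in this hunk. Looking the service up where it is used avoids the dependency: `SpySecurityManager ssm = (SpySecurityManager) IntegratedSecurityService.getSecurityService().getSecurityManager();`. The `AvailablePort` import is unused.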

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleIntegrationTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
new file mode 100644
index 0000000..8cb894a
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityCacheLifecycleIntegrationTest.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+import java.util.Properties;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.internal.security.IntegratedSecurityService;
+import com.gemstone.gemfire.internal.security.SecurityService;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category({IntegrationTest.class, SecurityTest.class})
+public class IntegratedSecurityCacheLifecycleIntegrationTest {
+
+  private Properties securityProps;
+  private Cache cache;
+  private SecurityService securityService;
+
+  @Before
+  public void before() {
+    securityService = IntegratedSecurityService.getSecurityService();
+
+    securityProps = new Properties();
+    securityProps.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
+
+    Properties props = new Properties();
+    props.putAll(securityProps);
+    props.setProperty(MCAST_PORT, "0");
+    props.setProperty(LOCATORS, "");
+
+    cache = new CacheFactory(props).create();
+  }
+
+  @After
+  public void after() {
+    if (cache != null && !cache.isClosed()) {
+      cache.close();
+    }
+  }
+
+  @Test
+  public void initAndCloseTest () {
+    SpySecurityManager ssm = (SpySecurityManager)securityService.getSecurityManager();
+    assertThat(ssm.initInvoked).isEqualTo(1);
+    cache.close();
+    assertThat(ssm.closeInvoked).isEqualTo(1);
+  }
+
+}
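Review bot: `securityProps` is declared as a field but is only written and read inside `before()`, and the static import of `org.mockito.Mockito.*` is not used anywhere in the class. Making it a local, `Properties securityProps = new Properties();`, and dropping the import keeps the fixture down to what the test actually reads. The stray space in `initAndCloseTest ()` could be removed at the same time.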

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityPeerAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityPeerAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityPeerAuthDistributedTest.java
new file mode 100644
index 0000000..7a4830d
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedSecurityPeerAuthDistributedTest.java
@@ -0,0 +1,146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.test.dunit.Invoke.*;
+import static org.assertj.core.api.Assertions.*;
+
+import java.util.Properties;
+
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.NetworkUtils;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedSecurityPeerAuthDistributedTest extends JUnit4CacheTestCase{
+
+  private static SpySecurityManager spySecurityManager;
+
+  private VM locator;
+  private VM server1;
+  private VM server2;
+
+  private String locators;
+
+  @Override
+  public final void postSetUp() throws Exception {
+    Host host = Host.getHost(0);
+    locator = host.getVM(0);
+    server1 = host.getVM(1);
+    server2 = host.getVM(2);
+
+    int locatorPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+    locators =  NetworkUtils.getServerHostName(host) + "[" + locatorPort + "]";
+
+    locator.invoke(() -> {
+      spySecurityManager = new SpySecurityManager();
+
+      DistributedTestUtils.deleteLocatorStateFile(locatorPort);
+
+      final Properties properties = createProperties(locators);
+      properties.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/security/peerAuth.json");
+      properties.setProperty(UserPasswordAuthInit.USER_NAME, "locator1");
+      properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+      properties.setProperty(START_LOCATOR, locators);
+
+      getSystem(properties);
+      getCache();
+    });
+
+    server1.invoke(()-> {
+      spySecurityManager = new SpySecurityManager();
+
+      final Properties properties = createProperties(locators);
+      properties.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/security/peerAuth.json");
+      properties.setProperty(UserPasswordAuthInit.USER_NAME, "server1");
+      properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+
+      getSystem(properties);
+      getCache();
+    });
+
+    server2.invoke(()-> {
+      spySecurityManager = new SpySecurityManager();
+
+      final Properties properties = createProperties(locators);
+      properties.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/security/peerAuth.json");
+      properties.setProperty(UserPasswordAuthInit.USER_NAME, "server2");
+      properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+
+      getSystem(properties);
+      getCache();
+    });
+  }
+
+  @Test
+  public void initAndCloseTest() throws Exception {
+    spySecurityManager = new SpySecurityManager();
+
+    final Properties properties = createProperties(locators);
+    properties.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/security/peerAuth.json");
+    properties.setProperty(UserPasswordAuthInit.USER_NAME, "stranger");
+    properties.setProperty(UserPasswordAuthInit.PASSWORD, "1234567");
+
+    assertThatThrownBy(() -> getSystem(properties)).isExactlyInstanceOf(AuthenticationFailedException.class);
+  }
+
+  @Override
+  public void postTearDownCacheTestCase() throws Exception {
+    closeAllCache();
+    spySecurityManager = null;
+    invokeInEveryVM(() -> { spySecurityManager = null; });
+  }
+
+  private static Properties createProperties(String locators) {
+    Properties allProperties = new Properties();
+    allProperties.setProperty(LOCATORS, locators);
+    allProperties.setProperty(MCAST_PORT, "0");
+    allProperties.setProperty(SECURITY_MANAGER, SpySecurityManager.class.getName());
+    allProperties.setProperty(SECURITY_PEER_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
+    allProperties.setProperty(USE_CLUSTER_CONFIGURATION, "false");
+    return allProperties;
+  }
+
+  public static class SpySecurityManager extends SampleSecurityManager {
+
+    static int initInvoked = 0;
+    static int closeInvoked = 0;
+
+    @Override
+    public void init(final Properties securityProps) {
+      initInvoked++;
+      super.init(securityProps);
+    }
+
+    @Override
+    public void close() {
+      closeInvoked++;
+      super.close();
+    }
+  }
+}
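Review bot: `initAndCloseTest` asserts only that a member presenting the `stranger` credentials is rejected with `AuthenticationFailedException`; nothing in the class reads `initInvoked`, `closeInvoked` or the static `spySecurityManager` field. The hand-built `new SpySecurityManager()` instances are presumably not the ones the system creates from the `SECURITY_MANAGER` class name, so assigning them has no visible effect on the test. A name that states the authentication outcome, such as `public void strangerIsRejectedAsPeer() throws Exception {`, would make the intent clear. The unused field and its resets in `postTearDownCacheTestCase` could then be removed.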

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/NoShowValue1PostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/NoShowValue1PostProcessor.java b/geode-core/src/test/java/org/apache/geode/security/NoShowValue1PostProcessor.java
new file mode 100644
index 0000000..d2adffd
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/NoShowValue1PostProcessor.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.io.Serializable;
+
+import org.apache.geode.security.PostProcessor;
+
+public class NoShowValue1PostProcessor implements PostProcessor {
+
+  @Override
+  public Object processRegionValue(final Object principal,
+                                   final String regionName,
+                                   final Object key,
+                                   final Object value) {
+    if (value.equals("value1")) {
+      return null;
+    } else {
+      return value;
+    }
+  }
+}
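Review bot: `value.equals("value1")` in processRegionValue dereferences `value` without a null check, so the post processor throws NullPointerException if it is ever handed a null value. Whether the caller can pass null (for example for a missing key) is not visible in this hunk. Putting the constant first, `if ("value1".equals(value)) {`, keeps the redaction behaviour and removes that failure mode. The `java.io.Serializable` import is unused. The file also sits under org/apache/geode/security while declaring `package com.gemstone.gemfire.security;`, which is worth confirming as intended at this step of the rename.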

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/NoShowValue1PostProcessorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/NoShowValue1PostProcessorDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/NoShowValue1PostProcessorDUnitTest.java
new file mode 100644
index 0000000..5d071a8
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/NoShowValue1PostProcessorDUnitTest.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static org.junit.Assert.*;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.Pool;
+import com.gemstone.gemfire.cache.client.PoolManager;
+import com.gemstone.gemfire.cache.query.SelectResults;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class NoShowValue1PostProcessorDUnitTest extends AbstractSecureServerDUnitTest {
+
+  public NoShowValue1PostProcessorDUnitTest(){
+    this.postProcessor = NoShowValue1PostProcessor.class;
+  }
+
+  @Test
+  public void testPostProcess(){
+    List<String> keys = new ArrayList<>();
+    keys.add("key1");
+    keys.add("key2");
+
+    client1.invoke(()->{
+      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+
+      // post process for get
+      assertEquals("value3", region.get("key3"));
+
+      assertNull(region.get("key1"));
+
+      // post processs for getAll
+      Map values = region.getAll(keys);
+      assertEquals(2, values.size());
+      assertEquals("value2", values.get("key2"));
+      assertNull(values.get("key1"));
+
+      // post process for query
+      String query = "select * from /AuthRegion";
+      SelectResults result = region.query(query);
+      System.out.println("query result: "+result);
+      assertEquals(5, result.size());
+      assertTrue(result.contains("value0"));
+      assertFalse(result.contains("value1"));
+      assertTrue(result.contains("value2"));
+      assertTrue(result.contains("value3"));
+      assertTrue(result.contains("value4"));
+
+      Pool pool = PoolManager.find(region);
+      result =  (SelectResults)pool.getQueryService().newQuery(query).execute();
+      System.out.println("query result: "+result);
+      assertTrue(result.contains("value0"));
+      assertFalse(result.contains("value1"));
+      assertTrue(result.contains("value2"));
+      assertTrue(result.contains("value3"));
+      assertTrue(result.contains("value4"));
+    });
+  }
+
+}
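Review bot: The second query in testPostProcess, run through `pool.getQueryService()`, checks which values are present but never the result size, unlike the `region.query` block above it, which asserts `assertEquals(5, result.size());`. Adding the same `assertEquals(5, result.size());` after the second `System.out.println` would make both query paths verify that the filtered row is replaced and that no rows are added or dropped. Neither block asserts what stands in for the hidden value. Since NoShowValue1PostProcessor returns null for it, `assertTrue(result.contains(null));` would pin that down, assuming the result collection supports a null lookup. The raw `Region`, `Map` and `SelectResults` types could also be parameterised.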

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/NotAuthorizedExceptionTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/NotAuthorizedExceptionTest.java b/geode-core/src/test/java/org/apache/geode/security/NotAuthorizedExceptionTest.java
new file mode 100644
index 0000000..67dfadc
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/NotAuthorizedExceptionTest.java
@@ -0,0 +1,200 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.googlecode.catchexception.CatchException.*;
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+import java.io.NotSerializableException;
+import java.io.Serializable;
+import java.security.Principal;
+import javax.naming.NamingException;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TestName;
+
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
+/**
+ * Unit tests for {@link NotAuthorizedException}.
+ */
+@Category({ UnitTest.class, SecurityTest.class })
+public class NotAuthorizedExceptionTest {
+
+  private String message;
+  private String causeMessage;
+  private Object nonSerializableResolvedObj;
+  private NamingException nonSerializableNamingException;
+  private SerializableObject serializableResolvedObj;
+  private NamingException serializableNamingException;
+  private String principalName;
+  private Principal nonSerializablePrincipal;
+  private SerializablePrincipal serializablePrincipal;
+
+  @Rule
+  public TestName testName = new TestName();
+
+  @Before
+  public void setUp() throws Exception {
+    this.message = testName.getMethodName() + " message";
+    this.causeMessage = testName.getMethodName() + " cause message";
+
+    this.nonSerializableResolvedObj = new Object();
+    this.nonSerializableNamingException = new NamingException(this.causeMessage);
+    this.nonSerializableNamingException.setResolvedObj(this.nonSerializableResolvedObj);
+
+    this.serializableResolvedObj = new SerializableObject(this.testName.getMethodName());
+    this.serializableNamingException = new NamingException(this.causeMessage);
+    this.serializableNamingException.setResolvedObj(this.serializableResolvedObj);
+
+    this.principalName = "jsmith";
+    this.nonSerializablePrincipal = mock(Principal.class);
+    this.serializablePrincipal = new SerializablePrincipal(this.principalName);
+
+    assertPreconditions();
+  }
+
+  private void assertPreconditions() {
+    catchException(this).clone(this.nonSerializableNamingException);
+    assertThat((Throwable)caughtException()).isNotNull();
+    assertThat((Throwable)caughtException().getCause()).isInstanceOf(NotSerializableException.class);
+
+    catchException(this).clone(this.serializableNamingException);
+    assertThat((Throwable)caughtException()).isNull();
+
+    assertThat(this.nonSerializableResolvedObj).isNotInstanceOf(Serializable.class);
+
+    catchException(this).clone(this.serializableResolvedObj);
+    assertThat((Throwable)caughtException()).isNull();
+
+    assertThat(this.nonSerializablePrincipal).isNotInstanceOf(Serializable.class);
+
+    catchException(this).clone(this.serializablePrincipal);
+    assertThat((Throwable)caughtException()).isNull();
+  }
+
+  @Test
+  public void isSerializable() throws Exception {
+    assertThat(NotAuthorizedException.class).isInstanceOf(Serializable.class);
+  }
+
+  @Test
+  public void serializes() throws Exception {
+    NotAuthorizedException instance = new NotAuthorizedException(this.message);
+
+    NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance);
+
+    assertThat(cloned).hasMessage(this.message);
+  }
+
+  @Test
+  public void serializesWithThrowable() throws Exception {
+    Throwable cause = new Exception(this.causeMessage);
+    NotAuthorizedException instance = new NotAuthorizedException(this.message, cause);
+
+    NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance);
+
+    assertThat(cloned).hasMessage(this.message);
+    assertThat(cloned).hasCause(cause);
+  }
+
+  @Test
+  public void serializesWithNonSerializablePrincipal() throws Exception {
+    NotAuthorizedException instance = new NotAuthorizedException(this.message, this.nonSerializablePrincipal);
+    assertThat(instance.getPrincipal()).isNotNull();
+
+    NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance);
+
+    assertThat(cloned).hasMessage(this.message);
+    assertThat(cloned.getPrincipal()).isNull();
+  }
+
+  @Test
+  public void serializesWithSerializablePrincipal() throws Exception {
+    NotAuthorizedException instance = new NotAuthorizedException(this.message, this.serializablePrincipal);
+
+    NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance);
+
+    assertThat(cloned).hasMessage(this.message);
+    assertThat(cloned.getPrincipal()).isNotNull().isEqualTo(this.serializablePrincipal);
+  }
+
+  public Object clone(final Serializable object) {
+    return SerializationUtils.clone(object);
+  }
+
+  public static class SerializableObject implements Serializable {
+
+    private String name;
+
+    SerializableObject(String name) {
+      this.name = name;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+      if (this == o) return true;
+      if (o == null || getClass() != o.getClass()) return false;
+
+      SerializableObject that = (SerializableObject) o;
+
+      return name != null ? name.equals(that.name) : that.name == null;
+
+    }
+
+    @Override
+    public int hashCode() {
+      return name != null ? name.hashCode() : 0;
+    }
+  }
+
+  public static class SerializablePrincipal implements Principal, Serializable {
+
+    private String name;
+
+    SerializablePrincipal(String name) {
+      this.name = name;
+    }
+
+    @Override
+    public String getName() {
+      return this.name;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+      if (this == o) return true;
+      if (o == null || getClass() != o.getClass()) return false;
+
+      SerializablePrincipal that = (SerializablePrincipal) o;
+
+      return name != null ? name.equals(that.name) : that.name == null;
+
+    }
+
+    @Override
+    public int hashCode() {
+      return name != null ? name.hashCode() : 0;
+    }
+  }
+}
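Review bot: The `isSerializable` test cannot fail. `assertThat(NotAuthorizedException.class).isInstanceOf(Serializable.class)` inspects the `java.lang.Class` object, which is always Serializable, rather than the exception type itself. `assertThat(Serializable.class).isAssignableFrom(NotAuthorizedException.class);` checks what the test name promises. In serializesWithNonSerializablePrincipal, a one-line comment such as `// a non-serializable principal is dropped on serialization, not propagated` would record why `getPrincipal()` is expected to be null after the clone.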

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java
new file mode 100644
index 0000000..cb1836e
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/P2PAuthenticationDUnitTest.java
@@ -0,0 +1,541 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import com.gemstone.gemfire.distributed.ConfigurationProperties;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.distributed.Locator;
+import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.distributed.internal.membership.MembershipManager;
+import com.gemstone.gemfire.distributed.internal.membership.gms.MembershipManagerHelper;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
+import com.gemstone.gemfire.security.generator.LdapUserCredentialGenerator;
+import com.gemstone.gemfire.security.generator.UserPasswordWithExtraPropsAuthInit;
+import com.gemstone.gemfire.security.templates.LdapUserAuthenticator;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.FlakyTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import javax.net.ssl.SSLHandshakeException;
+import java.util.Properties;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.internal.AvailablePort.SOCKET;
+import static com.gemstone.gemfire.internal.AvailablePort.getRandomAvailablePort;
+import static com.gemstone.gemfire.security.SecurityTestUtils.startLocator;
+import static com.gemstone.gemfire.security.SecurityTestUtils.stopLocator;
+import static com.gemstone.gemfire.test.dunit.Assert.*;
+import static com.gemstone.gemfire.test.dunit.IgnoredException.addIgnoredException;
+import static com.gemstone.gemfire.test.dunit.NetworkUtils.getIPLiteral;
+import static com.gemstone.gemfire.test.dunit.Wait.pause;
+
+/**
+ * Tests peer to peer authentication in Gemfire
+ * 
+ * @since GemFire 5.5
+ */
+@Category({ DistributedTest.class, SecurityTest.class })
+public class P2PAuthenticationDUnitTest extends JUnit4DistributedTestCase {
+
+  private static VM locatorVM = null;
+
+  private static final String[] ignoredExceptions = {
+      AuthenticationRequiredException.class.getName(),
+      AuthenticationFailedException.class.getName(),
+      GemFireSecurityException.class.getName(),
+      SSLHandshakeException.class.getName(),
+      ClassNotFoundException.class.getName(),
+      "Authentication failed for",
+      "Failed to obtain credentials"
+  };
+
+  @Override
+  public final void postSetUp() throws Exception {
+    disconnectAllFromDS();
+    locatorVM = Host.getHost(0).getVM(0);
+    for (String exceptionString : ignoredExceptions) {
+      addIgnoredException(exceptionString);
+    }
+  }
+
+  /**
+   * Check that mcast-port setting for discovery or with locator are
+   * incompatible with security
+   */
+  @Test
+  public void testIllegalPropertyCombos() throws Exception {
+    int port = getRandomAvailablePort(SOCKET);
+
+    Properties props = new Properties();
+    props.setProperty(MCAST_PORT, "26753");
+    props.setProperty(ConfigurationProperties.LOCATORS, getIPLiteral() + "[" + port + "]");
+    props.setProperty(ConfigurationProperties.SECURITY_PEER_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
+    props.setProperty(ConfigurationProperties.ENABLE_CLUSTER_CONFIGURATION, "false");
+
+    try {
+      Locator.startLocatorAndDS(port, null, null, props);
+      fail("Expected an IllegalArgumentException while starting locator");
+
+    } catch (IllegalArgumentException ex) {
+      // success
+    }
+
+    // Also try setting the authenticator
+    props = new Properties();
+    props.setProperty(MCAST_PORT, "26753");
+    props.setProperty(LOCATORS, getIPLiteral() + "[" + port + "]");
+    props.setProperty(SECURITY_PEER_AUTHENTICATOR, LdapUserAuthenticator.class.getName() + ".create");
+    props.setProperty(ENABLE_CLUSTER_CONFIGURATION, "false");
+
+    try {
+      Locator.startLocatorAndDS(port, null, null, props);
+      fail("Expected an IllegalArgumentException while starting locator");
+
+    } catch (IllegalArgumentException expected) {
+      // success
+    }
+
+    props = new Properties();
+    props.setProperty(MCAST_PORT, "26753");
+    props.setProperty(SECURITY_PEER_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
+
+    try {
+      getSystem(props);
+      fail("Expected an IllegalArgumentException while connection to DS");
+
+    } catch (IllegalArgumentException expected) {
+      // success
+    }
+
+    // Also try setting the authenticator
+    props = new Properties();
+    props.setProperty(MCAST_PORT, "26753");
+    props.setProperty(SECURITY_PEER_AUTHENTICATOR, LdapUserAuthenticator.class.getName() + ".create");
+
+    try {
+      getSystem(props);
+      fail("Expected an IllegalArgumentException while connection to DS");
+
+    } catch (IllegalArgumentException expected) {
+      // success
+    }
+  }
+
+  /**
+   * AuthInitialize is incorrect
+   */
+  @Test
+  public void testP2PAuthenticationWithInvalidAuthInitialize() throws Exception {
+    int locatorPort = getRandomAvailablePort(SOCKET);
+
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    assertNotNull(gen.getAuthenticator());
+    assertNull(gen.getJavaProperties());
+
+    Properties props = new Properties();
+    props.setProperty(MCAST_PORT, "0");
+    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
+    props.setProperty(SECURITY_PEER_AUTH_INIT, "Incorrect_AuthInitialize");
+    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
+
+    startTheLocator(props, gen.getJavaProperties(), locatorPort);
+
+    try {
+      new SecurityTestUtils("tmp").createSystem(props, null);
+      fail("AuthenticationFailedException was expected as the AuthInitialize object passed is incorrect");
+
+    } catch (AuthenticationFailedException expected) {
+      // success
+
+    } finally {
+      locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
+    }
+  }
+
+  /**
+   * Authenticator is incorrect
+   */
+  @Category(FlakyTest.class) // GEODE-1089: random port
+  @Test
+  public void testP2PAuthenticationWithInvalidAuthenticator() throws Exception {
+    int locatorPort = getRandomAvailablePort(SOCKET);
+
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    assertNotNull(gen.getAuthInit());
+    assertNull(gen.getJavaProperties());
+
+    Properties props = new Properties();
+    props.setProperty(MCAST_PORT, "0");
+    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
+    props.setProperty(SECURITY_PEER_AUTH_INIT, gen.getAuthInit());
+    props.setProperty(SECURITY_PEER_AUTHENTICATOR, "xyz");
+
+    startTheLocator(props, null, locatorPort);
+
+    try {
+      new SecurityTestUtils("tmp").createSystem(props, null);
+      fail("AuthenticationFailedException was expected as the Authenticator object passed is incorrect");
+
+    } catch (AuthenticationFailedException expected) {
+      // success
+
+    } finally {
+      locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
+    }
+  }
+
+  @Category(FlakyTest.class) // GEODE-1091: random port
+  @Test
+  public void testP2PAuthenticationWithNoCredentials() throws Exception {
+    int locatorPort = getRandomAvailablePort(SOCKET);
+
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    assertNotNull(gen.getAuthenticator());
+    assertNotNull(gen.getAuthInit());
+    assertNull(gen.getJavaProperties());
+    assertNull(gen.getSystemProperties());
+
+    Properties props = new Properties();
+    props.setProperty(MCAST_PORT, "0");
+    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
+    props.setProperty(SECURITY_PEER_AUTH_INIT, gen.getAuthInit());
+    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
+
+    startTheLocator(props, null, locatorPort);
+
+    try {
+      new SecurityTestUtils("tmp").createSystem(props, null);
+      fail("AuthenticationFailedException was expected as no credentials are set");
+
+    } catch (AuthenticationFailedException expected) {
+      // success
+
+    } finally {
+      locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
+    }
+  }
+
+  @Test
+  public void testP2PAuthenticationWithValidCredentials() throws Exception {
+    int locatorPort = getRandomAvailablePort(SOCKET);
+
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    assertNotNull(gen.getAuthenticator());
+    assertNotNull(gen.getAuthInit());
+    assertNull(gen.getJavaProperties());
+    assertNull(gen.getSystemProperties());
+    assertNotNull(gen.getValidCredentials(1));
+
+    Properties props = new Properties();
+    props.setProperty(MCAST_PORT, "0");
+    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
+    props.setProperty(SECURITY_PEER_AUTH_INIT, gen.getAuthInit());
+    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
+    props.putAll(gen.getValidCredentials(1));
+
+    startTheLocator(props, gen.getJavaProperties(), locatorPort);
+
+    try {
+      createDS(props, gen.getJavaProperties());
+      verifyMembers(2);
+      disconnectFromDS();
+
+    } finally {
+      locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
+    }
+  }
+
+  @Test
+  public void testP2PAuthenticationWithBothValidAndInValidCredentials() throws Exception {
+    addIgnoredException("Authentication failed");
+
+    int locatorPort = getRandomAvailablePort(SOCKET);
+
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    assertNotNull(gen.getAuthenticator());
+    assertNotNull(gen.getAuthInit());
+    assertNotNull(gen.getInvalidCredentials(1));
+    assertNull(gen.getJavaProperties());
+    assertNull(gen.getSystemProperties());
+    assertNotNull(gen.getValidCredentials(1));
+    assertNotNull(gen.getValidCredentials(3));
+
+    Properties props = new Properties();
+    props.setProperty(MCAST_PORT, "0");
+    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
+    props.setProperty(SECURITY_PEER_AUTH_INIT, gen.getAuthInit());
+    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
+    props.putAll(gen.getValidCredentials(1));
+
+    startTheLocator(props, null, locatorPort);
+
+    try {
+      // invalid credentials for the peer
+      props.putAll(gen.getInvalidCredentials(1));
+
+      try {
+        new SecurityTestUtils("tmp").createSystem(props, null);
+        fail("AuthenticationFailedException was expected as wrong credentials were passed");
+
+      } catch (AuthenticationFailedException expected) {
+        // success
+      }
+
+      props.putAll(gen.getValidCredentials(3));
+
+      createDS(props, null);
+      verifyMembers(2);
+      disconnectFromDS();
+
+    } finally {
+      locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
+    }
+  }
+
+  /**
+   * The strategy is to test view change reject by having two different
+   * authenticators on different VMs.
+   * 
+   * Here locator will accept the credentials from peer2 but the first peer will
+   * reject them due to different authenticator. Hence the number of members
+   * reported by the first peer should be only two while others will report as
+   * three.
+   */
+  @Ignore("disabled for some reason?")
+  @Test
+  public void testP2PViewChangeReject() throws Exception {
+    final Host host = Host.getHost(0);
+    final VM peer2 = host.getVM(1);
+    final VM peer3 = host.getVM(2);
+
+    CredentialGenerator gen = new LdapUserCredentialGenerator();
+    gen.init();
+    Properties extraProps = gen.getSystemProperties();
+    String authenticator = gen.getAuthenticator();
+    String authInit = gen.getAuthInit();
+
+    if (extraProps == null) {
+      extraProps = new Properties();
+    }
+
+    CredentialGenerator gen2 = new DummyCredentialGenerator();
+    gen2.init();
+    Properties extraProps2 = gen2.getSystemProperties();
+    String authenticator2 = gen2.getAuthenticator();
+
+    if (extraProps2 == null) {
+      extraProps2 = new Properties();
+    }
+
+    // Start the locator with the LDAP authenticator
+    Properties props = new Properties();
+    int port = getRandomAvailablePort(SOCKET);
+    final String locators = getIPLiteral() +"["+port+"]";
+
+    props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
+    props.setProperty(SECURITY_PEER_AUTHENTICATOR, authenticator);
+    Properties credentials = gen.getValidCredentials(1);
+    Properties javaProps = gen.getJavaProperties();
+    props.putAll(credentials);
+    props.putAll(extraProps);
+
+    startTheLocator(props, javaProps, port);
+
+    try {
+
+      // Start the first peer with different authenticator
+      props = new Properties();
+      props.setProperty(MCAST_PORT, "0");
+      props.setProperty(LOCATORS, locators);
+      props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
+      props.setProperty(SECURITY_PEER_AUTHENTICATOR, authenticator2);
+
+      credentials = gen.getValidCredentials(3);
+      Properties javaProps2 = gen2.getJavaProperties();
+      props.putAll(credentials);
+      props.putAll(extraProps2);
+
+      createDS(props, javaProps2);
+
+      // Start the second peer with the same authenticator as locator
+      props = new Properties();
+      props.setProperty(MCAST_PORT, "0");
+      props.setProperty(LOCATORS, locators);
+      props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
+      props.setProperty(SECURITY_PEER_AUTHENTICATOR, authenticator);
+
+      credentials = gen.getValidCredentials(7);
+      javaProps = gen.getJavaProperties();
+      props.putAll(credentials);
+      props.putAll(extraProps);
+
+      createDS(peer2, props, javaProps);
+
+      createDS(peer3, props, javaProps);
+
+      // wait for view propagation
+      pause(2000);
+
+      // Verify the number of members on all peers and locator
+      locatorVM.invoke(() -> verifyMembers(4));
+      verifyMembers(2);
+      peer2.invoke(() -> verifyMembers(4));
+      peer3.invoke(() -> verifyMembers(4));
+
+      // Disconnect the first peer and check again
+      disconnectFromDS();
+      pause(2000);
+
+      locatorVM.invoke(() -> verifyMembers(3));
+      peer2.invoke(() -> verifyMembers(3));
+      peer3.invoke(() -> verifyMembers(3));
+
+      // Disconnect the second peer and check again
+      peer2.invoke(() -> disconnectFromDS());
+      pause(2000);
+
+      locatorVM.invoke(() -> verifyMembers(2));
+      peer3.invoke(() -> verifyMembers(2));
+
+      // Same for last peer
+      peer3.invoke(() -> disconnectFromDS());
+      pause(2000);
+
+      locatorVM.invoke(() -> verifyMembers(1));
+
+    } finally {
+      locatorVM.invoke(() -> stopLocator(port, ignoredExceptions));
+    }
+  }
+
+  /**
+   * The strategy is to test credential size greater than UDP datagram size.
+   * 
+   * Here locator will accept the credentials from peer2 and the large credential
+   * from the first peer. Number of members in the DS
+   * should be four
+   */
+  @Test
+  public void testP2PLargeCredentialSucceeds() throws Exception {
+    int locatorPort = getRandomAvailablePort(SOCKET);
+
+    final Host host = Host.getHost(0);
+    final VM peer2 = host.getVM(1);
+    final VM peer3 = host.getVM(2);
+
+    CredentialGenerator gen = new DummyCredentialGenerator();
+    gen.init();
+
+    assertNotNull(gen.getAuthenticator());
+    assertNull(gen.getJavaProperties());
+    assertNull(gen.getSystemProperties());
+    assertNotNull(gen.getValidCredentials(1));
+
+    String authInit = UserPasswordWithExtraPropsAuthInit.class.getName() + ".create";
+    Properties credentials = gen.getValidCredentials(1);
+
+    Properties props = new Properties();
+    props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
+    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
+    props.putAll(credentials);
+
+    startTheLocator(props, null, locatorPort);
+
+    try {
+      // Start the first peer with huge credentials
+      props = new Properties();
+      props.setProperty(MCAST_PORT, "0");
+      props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
+      props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
+      props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
+
+      String hugeStr = "20KString";
+      for (int i = 0; i <= 20000; i++) {
+        hugeStr += "A";
+      }
+
+      credentials = gen.getValidCredentials(3);
+      credentials.setProperty("security-keep-extra-props", "-");
+      credentials.setProperty("security-hugeentryone", hugeStr);
+      credentials.setProperty("security-hugeentrytwo", hugeStr);
+      credentials.setProperty("security-hugeentrythree", hugeStr);
+
+      props.putAll(credentials);
+
+      createDS(props, null);
+      // fail("AuthenticationFailedException was expected as credentials were passed beyond 50k"); --?
+
+      // Start the second peer with the same authenticator as locator
+      props = new Properties();
+      props.setProperty(MCAST_PORT, "0");
+      props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
+      props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
+      props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
+
+      credentials = gen.getValidCredentials(7);
+      props.putAll(credentials);
+
+      createDS(peer2, props, null);
+      createDS(peer3, props, null);
+
+      // wait for view propagation
+      pause(2000);
+
+      // Verify the number of members on all peers and locator
+      locatorVM.invoke(() -> verifyMembers(4));
+      peer2.invoke(() -> verifyMembers(4));
+      peer3.invoke(() -> verifyMembers(4));
+
+      // Disconnect the peers
+      disconnectFromDS();
+      peer2.invoke(() -> disconnectFromDS());
+      peer3.invoke(() -> disconnectFromDS());
+
+    } finally {
+      locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
+    }
+  }
+
+  private void createDS(final VM peer2, final Properties props, final Properties javaProps) {
+    peer2.invoke(() -> createDS(props, javaProps));
+  }
+
+  private void startTheLocator(final Properties props, final Properties javaProps, final int port) {
+    locatorVM.invoke(() -> startLocator(getUniqueName(), port, props, javaProps, ignoredExceptions));
+  }
+
+  private static void createDS(final Properties props, final Properties javaProps) {
+    SecurityTestUtils tmpUtil = new SecurityTestUtils("tmp");
+    tmpUtil.createSystem(props, javaProps);
+  }
+
+  private static void verifyMembers(final int numExpectedMembers) {
+    DistributedSystem ds = InternalDistributedSystem.getAnyInstance();
+    MembershipManager mgr = MembershipManagerHelper.getMembershipManager(ds);
+    assertEquals(numExpectedMembers, mgr.getView().size());
+  }
+}
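Review bot: testP2PViewChangeReject is the only test in this file that covers a peer rejecting a member admitted under a different authenticator, and it is disabled with `@Ignore("disabled for some reason?")`. That leaves the behaviour uncovered with no record of why. The reason string should name the cause or a tracking issue, e.g. `@Ignore("<TRACKING-ISSUE>: view-change rejection with mismatched authenticators")`, or the test should be re-enabled or removed. In testP2PLargeCredentialSucceeds, the commented-out `fail(...)` line ending in `--?` contradicts the test name and Javadoc and should be resolved or deleted. The `hugeStr += "A"` loop there would also read better with a `StringBuilder`.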

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java b/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java
new file mode 100644
index 0000000..81b3add
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/PDXGfshPostProcessorOnRemoteServerTest.java
@@ -0,0 +1,159 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.junit.Assert.*;
+
+import java.io.File;
+import java.util.Properties;
+import java.util.concurrent.TimeUnit;
+
+import com.jayway.awaitility.Awaitility;
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.RegionShortcut;
+import com.gemstone.gemfire.cache.server.CacheServer;
+import com.gemstone.gemfire.distributed.Locator;
+import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.internal.AvailablePortHelper;
+import com.gemstone.gemfire.internal.security.SecurityService;
+import com.gemstone.gemfire.management.ManagementService;
+import com.gemstone.gemfire.management.cli.Result.Status;
+import com.gemstone.gemfire.management.internal.cli.CliUtil;
+import com.gemstone.gemfire.management.internal.cli.HeadlessGfsh;
+import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
+import com.gemstone.gemfire.management.internal.cli.result.CommandResult;
+import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.pdx.SimpleClass;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class PDXGfshPostProcessorOnRemoteServerTest extends JUnit4DistributedTestCase {
+  protected static final String REGION_NAME = "AuthRegion";
+  protected VM locator = null;
+  protected VM server = null;
+
+  @Before
+  public void before() throws Exception {
+    final Host host = Host.getHost(0);
+    this.locator = host.getVM(0);
+    this.server = host.getVM(1);
+  }
+
+  @Test
+  public void testGfshCommand() throws Exception{
+    // set up locator with security
+    int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
+    int locatorPort = ports[0];
+    int jmxPort = ports[1];
+    locator.invoke(()->{
+      Properties props = new Properties();
+      props.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json");
+      props.setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+      props.setProperty(MCAST_PORT, "0");
+      props.put(JMX_MANAGER, "true");
+      props.put(JMX_MANAGER_START, "true");
+      props.put(JMX_MANAGER_PORT, jmxPort+"");
+      props.setProperty(SECURITY_POST_PROCESSOR, PDXPostProcessor.class.getName());
+      Locator.startLocatorAndDS(locatorPort, new File("locator.log"), props);
+    });
+
+    // set up server with security
+    String locators = "localhost[" + locatorPort + "]";
+    server.invoke(()->{
+      Properties props = new Properties();
+      props.setProperty(MCAST_PORT, "0");
+      props.setProperty(LOCATORS, locators);
+      props.setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+      props.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json");
+      props.setProperty(SECURITY_POST_PROCESSOR, PDXPostProcessor.class.getName());
+
+      // the following are needed for peer-to-peer authentication
+      props.setProperty(SECURITY_PEER_AUTH_INIT, UserPasswordAuthInit.class.getName());
+      props.setProperty("security-username", "super-user");
+      props.setProperty("security-password", "1234567");
+      InternalDistributedSystem ds = getSystem(props);
+
+      Cache cache = CacheFactory.create(ds);
+      Region region = cache.createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME);
+
+      CacheServer server = cache.addCacheServer();
+      server.setPort(0);
+      server.start();
+
+      for(int i=0; i<5; i++){
+        SimpleClass obj = new SimpleClass(i, (byte)i);
+        region.put("key"+i, obj);
+      }
+    });
+
+    // wait until the region bean is visible
+    locator.invoke(()->{
+      Awaitility.await().pollInterval(500, TimeUnit.MICROSECONDS).atMost(5, TimeUnit.SECONDS).until(()->{
+        Cache cache = CacheFactory.getAnyInstance();
+        Object bean = ManagementService.getManagementService(cache).getDistributedRegionMXBean("/"+REGION_NAME);
+        return bean != null;
+      });
+    });
+
+    // run gfsh command in this vm
+    CliUtil.isGfshVM = true;
+    String shellId = getClass().getSimpleName();
+    HeadlessGfsh gfsh = new HeadlessGfsh(shellId, 30, "gfsh_files");
+
+    // connect to the jmx server
+    final CommandStringBuilder connectCommand = new CommandStringBuilder(CliStrings.CONNECT);
+    connectCommand.addOption(CliStrings.CONNECT__USERNAME, "dataUser");
+    connectCommand.addOption(CliStrings.CONNECT__PASSWORD, "1234567");
+
+    String endpoint = "localhost[" + jmxPort + "]";
+    connectCommand.addOption(CliStrings.CONNECT__JMX_MANAGER, endpoint);
+
+    gfsh.executeCommand(connectCommand.toString());
+    CommandResult result = (CommandResult)gfsh.getResult();
+
+    // get command
+    gfsh.executeCommand("get --key=key1 --region=AuthRegion");
+    result = (CommandResult) gfsh.getResult();
+    assertEquals(result.getStatus(), Status.OK);
+    assertTrue(result.getContent().toString().contains(SimpleClass.class.getName()));
+
+    gfsh.executeCommand("query --query=\"select * from /AuthRegion\"");
+    result = (CommandResult)gfsh.getResult();
+
+    CliUtil.isGfshVM = false;
+    server.invoke(()-> {
+      PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
+      // verify that the post processor is called 6 times. (5 for the query, 1 for the get)
+      assertEquals(pp.getCount(), 6);
+    });
+  }
+
+}
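Review bot: The result of the `connect` command in `testGfshCommand` is stored in `result` but never checked, so a rejected login for `dataUser` would only surface indirectly as a failure of the later `get`; the `query` result is likewise never read. Adding `assertEquals(Status.OK, result.getStatus());` after each of those `gfsh.getResult()` calls (assuming the query is expected to succeed) would pin the authentication and query steps separately. It would also put the expected value first, which the existing `assertEquals(result.getStatus(), Status.OK)` and `assertEquals(pp.getCount(), 6)` have reversed. The Awaitility wait uses `pollInterval(500, TimeUnit.MICROSECONDS)`, which polls every half millisecond and was presumably meant to be `TimeUnit.MILLISECONDS`. `CliUtil.isGfshVM` is reset only on the success path, so a `try`/`finally` around the gfsh section would keep a failed run from leaking the flag into later tests in the same VM.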

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessor.java b/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessor.java
new file mode 100644
index 0000000..0b03b66
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/PDXPostProcessor.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static org.junit.Assert.*;
+
+import java.util.Arrays;
+import java.util.Properties;
+
+import org.apache.geode.security.PostProcessor;
+
+import com.gemstone.gemfire.pdx.SimpleClass;
+import com.gemstone.gemfire.pdx.internal.PdxInstanceImpl;
+
+public class PDXPostProcessor implements PostProcessor{
+  public static byte[] BYTES = {1,0};
+
+  private boolean pdx = false;
+  private int count = 0;
+
+  public void init(Properties props){
+    pdx = Boolean.parseBoolean(props.getProperty("security-pdx"));
+    count = 0;
+  }
+  @Override
+  public Object processRegionValue(final Object principal,
+                                   final String regionName,
+                                   final Object key,
+                                   final Object value) {
+    count ++;
+    if(value instanceof byte[]){
+      assertTrue(Arrays.equals(BYTES, (byte[])value));
+    }
+    else if(pdx){
+      assertTrue(value instanceof PdxInstanceImpl);
+    }
+    else {
+      assertTrue(value instanceof SimpleClass);
+    }
+    return value;
+  }
+
+  public int getCount(){
+    return count;
+  }
+}
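Review bot: `count` is a plain `int` incremented with `count ++` in `processRegionValue`, while the remote-server test asserts an exact total of 6; if the server ever calls the post processor from more than one thread (not visible in this hunk), increments can be lost and the assertion becomes flaky. Declaring `private final AtomicInteger count = new AtomicInteger();` and using `incrementAndGet()`, `set(0)` in `init` and `get()` in `getCount()` would make the counter safe. `BYTES` is a public, non-final, mutable array that the assertion compares against, so any test could reassign it; it should at least be `public static final byte[] BYTES = {1,0};`. `init` carries no `@Override` although `processRegionValue` does; if `PostProcessor` declares `init`, adding the annotation would catch a signature drift at compile time.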


[03/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/generator/AuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/generator/AuthzCredentialGenerator.java b/geode-core/src/test/java/org/apache/geode/security/generator/AuthzCredentialGenerator.java
new file mode 100755
index 0000000..1a99974
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/generator/AuthzCredentialGenerator.java
@@ -0,0 +1,447 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.logging.log4j.Logger;
+
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.templates.DummyAuthorization;
+import com.gemstone.gemfire.security.templates.XmlAuthorization;
+
+/**
+ * Encapsulates obtaining authorized and unauthorized credentials for a given
+ * operation in a region. Implementations will be for different kinds of
+ * authorization scheme and authentication scheme combos.
+ * 
+ * @since GemFire 5.5
+ */
+public abstract class AuthzCredentialGenerator {
+  
+  private static final Logger logger = LogService.getLogger();
+
+  /**
+   * The {@link CredentialGenerator} being used.
+   */
+  protected CredentialGenerator generator;
+
+  /**
+   * A set of system properties that should be added to the gemfire system
+   * properties before using the authorization module.
+   */
+  private Properties systemProperties;
+
+  /**
+   * A factory method to create a new instance of an
+   * {@link AuthzCredentialGenerator} for the given {@link ClassCode}. Caller
+   * is supposed to invoke {@link AuthzCredentialGenerator#init} immediately
+   * after obtaining the instance.
+   * 
+   * @param  classCode
+   *         the {@code ClassCode} of the {@code AuthzCredentialGenerator}
+   *         implementation
+   * 
+   * @return an instance of {@code AuthzCredentialGenerator} for the given
+   *         class code
+   */
+  public static AuthzCredentialGenerator create(final ClassCode classCode) {
+    switch (classCode.classType) {
+      case ClassCode.ID_DUMMY:
+        return new DummyAuthzCredentialGenerator();
+      case ClassCode.ID_XML:
+        return new XmlAuthzCredentialGenerator();
+      default:
+        return null;
+    }
+  }
+
+  /**
+   * Initialize the authorized credential generator.
+   * 
+   * @param  generator
+   *         an instance of {@link CredentialGenerator} of the credential
+   *         implementation for which to obtain authorized/unauthorized
+   *         credentials.
+   * 
+   * @return false when the given {@link CredentialGenerator} is incompatible
+   *         with this authorization module.
+   */
+  public boolean init(final CredentialGenerator generator) {
+    this.generator = generator;
+    try {
+      this.systemProperties = init();
+    } catch (IllegalArgumentException ex) {
+      return false;
+    }
+    return true;
+  }
+
+  /**
+   * 
+   * @return A set of extra properties that should be added to Gemfire system
+   *         properties when not null.
+   */
+  public Properties getSystemProperties() {
+    return this.systemProperties;
+  }
+
+  /**
+   * Get the {@link CredentialGenerator} being used by this instance.
+   */
+  public CredentialGenerator getCredentialGenerator() {
+    return this.generator;
+  }
+
+  /**
+   * Initialize the authorized credential generator.
+   *
+   * Required to be implemented by concrete classes that implement this abstract
+   * class.
+   *
+   * @return A set of extra properties that should be added to Gemfire system
+   *         properties when not null.
+   *
+   * @throws IllegalArgumentException when the {@link CredentialGenerator} is
+   *         incompatible with this authorization module.
+   */
+  protected abstract Properties init() throws IllegalArgumentException;
+
+  /**
+   * The {@link ClassCode} of the particular implementation.
+   * 
+   * @return the {@code ClassCode}
+   */
+  public abstract ClassCode classCode();
+
+  /**
+   * The name of the {@link AccessControl} factory function that should be used
+   * as the authorization module on the server side.
+   * 
+   * @return name of the {@code AccessControl} factory function
+   */
+  public abstract String getAuthorizationCallback();
+
+  /**
+   * Get a set of credentials generated using the given index allowed to perform
+   * the given {@link OperationCode}s for the given regions.
+   * 
+   * @param  opCodes
+   *         the list of {@link OperationCode}s of the operations requiring
+   *         authorization; should not be null
+   * @param  regionNames
+   *         list of the region names requiring authorization; a value of
+   *         null indicates all regions
+   * @param  index
+   *         used to generate multiple such credentials by passing different
+   *         values for this
+   * 
+   * @return the set of credentials authorized to perform the given operation in
+   *         the given regions
+   */
+  public Properties getAllowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+    int numTries = getNumPrincipalTries(opCodes, regionNames);
+    if (numTries <= 0) {
+      numTries = 1;
+    }
+
+    for (int tries = 0; tries < numTries; tries++) {
+      final Principal principal = getAllowedPrincipal(opCodes, regionNames, (index + tries) % numTries);
+      try {
+        return this.generator.getValidCredentials(principal);
+      } catch (IllegalArgumentException ex) {
+      }
+    }
+    return null;
+  }
+
+  /**
+   * Get a set of credentials generated using the given index not allowed to
+   * perform the given {@link OperationCode}s for the given regions. The
+   * credentials are required to be valid for authentication.
+   * 
+   * @param  opCodes
+   *         the {@link OperationCode}s of the operations requiring
+   *         authorization failure; should not be null
+   * @param  regionNames
+   *         list of the region names requiring authorization failure; a value
+   *         of null indicates all regions
+   * @param  index
+   *         used to generate multiple such credentials by passing different
+   *         values for this
+   * 
+   * @return the set of credentials that are not authorized to perform the given
+   *         operation in the given region
+   */
+  public Properties getDisallowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+    // This may not be very correct since we use the value of
+    // getNumPrincipalTries() but is used to avoid adding another method.
+    // Also something like getNumDisallowedPrincipals() will be normally always
+    // infinite, and the number here is just to perform some number of tries
+    // before giving up.
+
+    int numTries = getNumPrincipalTries(opCodes, regionNames);
+    if (numTries <= 0) {
+      numTries = 1;
+    }
+
+    for (int tries = 0; tries < numTries; tries++) {
+      final Principal principal = getDisallowedPrincipal(opCodes, regionNames, (index + tries) % numTries);
+      try {
+        return this.generator.getValidCredentials(principal);
+      } catch (IllegalArgumentException ex) {
+      }
+    }
+    return null;
+  }
+
+  /**
+   * Get the number of tries to be done for obtaining valid credentials for the
+   * given operations in the given region. It is required that
+   * {@link #getAllowedPrincipal} method returns valid principals for values of
+   * {@code index} from 0 through (n-1) where {@code n} is the
+   * value returned by this method. It is recommended that the principals so
+   * returned be unique for efficiency.
+   * 
+   * This will be used by {@link #getAllowedCredentials} to step through
+   * different principals and obtain a set of valid credentials.
+   * 
+   * Required to be implemented by concrete classes that implement this abstract
+   * class.
+   * 
+   * @param  opCodes
+   *         the {@link OperationCode}s of the operations requiring
+   *         authorization
+   * @param  regionNames
+   *         list of the region names requiring authorization; a value of null
+   *         indicates all regions
+   * 
+   * @return the number of principals allowed to perform the given operation in
+   *         the given region
+   */
+  protected abstract int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames);
+
+  /**
+   * Get a {@link Principal} generated using the given index allowed to perform
+   * the given {@link OperationCode}s for the given region.
+   * 
+   * Required to be implemented by concrete classes that implement this abstract
+   * class.
+   * 
+   * @param  opCodes
+   *         the {@link OperationCode}s of the operations requiring
+   *         authorization
+   * @param  regionNames
+   *         list of the region names requiring authorization; a value of null
+   *         indicates all regions
+   * @param  index
+   *         used to generate multiple such principals by passing different
+   *         values for this
+   * 
+   * @return the {@link Principal} authorized to perform the given operation in
+   *         the given region
+   */
+  protected abstract Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index);
+
+  /**
+   * Get a {@link Principal} generated using the given index not allowed to
+   * perform the given {@link OperationCode}s for the given region.
+   * 
+   * Required to be implemented by concrete classes that implement this abstract
+   * class.
+   * 
+   * @param  opCodes
+   *         the {@link OperationCode}s of the operations requiring
+   *         authorization failure
+   * @param  regionNames
+   *         list of the region names requiring authorization failure; a value
+   *         of null indicates all regions
+   * @param  index
+   *         used to generate multiple such principals by passing different
+   *         values for this
+   * 
+   * @return a {@link Principal} not authorized to perform the given operation
+   *         in the given region
+   */
+  protected abstract Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index);
+
+  /**
+   * Enumeration for various {@link AuthzCredentialGenerator} implementations.
+   *
+   * <p>The following schemes are supported as of now:
+   * <ul>
+   * <li>{@code DummyAuthorization} with {@code DummyAuthenticator}</li>
+   * <li>{@code XMLAuthorization} with {@code DummyAuthenticator}</li>
+   * <li>{@code XMLAuthorization} with {@code LDAPAuthenticator}</li>
+   * <li>{@code XMLAuthorization} with {@code PKCSAuthenticator}</li>
+   * <li>{@code XMLAuthorization} when using SSL sockets</li>
+   * </ul>
+   *
+   * <p>To add a new authorization scheme the following needs to be done:
+   * <ul>
+   * <li>Add implementation for {@link AccessControl}.</li>
+   * <li>Choose the authentication schemes that it shall work with from
+   * {@link CredentialGenerator.ClassCode}</li>
+   * <li>Add a new enumeration value for the scheme in this class. Notice the
+   * size of {@code VALUES} array and increase that if it is getting
+   * overflowed. Note the methods and fields for existing schemes and add for
+   * the new one in a similar manner.</li>
+   * <li>Add an implementation for {@link AuthzCredentialGenerator}. Note the
+   * {@link AuthzCredentialGenerator#init} method where different authentication
+   * schemes can be passed and initialize differently for the authentication
+   * schemes that shall be handled.</li>
+   * <li>Modify the {@link AuthzCredentialGenerator#create} method to add
+   * creation of an instance of the new implementation for the
+   * {@code ClassCode} enumeration value.</li>
+   * </ul>
+   *
+   * <p>All dunit tests will automagically start testing the new implementation
+   * after this.
+   *
+   * @since GemFire 5.5
+   */
+  public static final class ClassCode {
+
+    private static byte nextOrdinal = 0;
+
+    private static final byte ID_DUMMY = 1;
+    private static final byte ID_XML = 2;
+
+    private static final ClassCode[] VALUES = new ClassCode[10];
+    private static final Map CODE_NAME_MAP = new HashMap();
+
+    public static final ClassCode DUMMY = new ClassCode(DummyAuthorization.class.getName() + ".create", ID_DUMMY);
+    public static final ClassCode XML = new ClassCode(XmlAuthorization.class.getName() + ".create", ID_XML);
+
+    /** The name of this class. */
+    private final String name;
+
+    /** byte used as ordinal to represent this class */
+    private final byte ordinal;
+
+    /**
+     * One of the following: ID_DUMMY, ID_LDAP, ID_PKI
+     */
+    private final byte classType;
+
+    /** Creates a new instance of class code. */
+    private ClassCode(final String name, final byte classType) {
+      this.name = name;
+      this.classType = classType;
+      this.ordinal = nextOrdinal++;
+      VALUES[this.ordinal] = this;
+      CODE_NAME_MAP.put(name, this);
+    }
+
+    public boolean isDummy() {
+      return this.classType == ID_DUMMY;
+    }
+
+    public boolean isXml() {
+      return this.classType == ID_XML;
+    }
+
+    /**
+     * Returns the {@code ClassCode} represented by specified ordinal.
+     */
+    public static ClassCode fromOrdinal(final byte ordinal) {
+      return VALUES[ordinal];
+    }
+
+    /**
+     * Returns the {@code ClassCode} represented by specified string.
+     */
+    public static ClassCode parse(final String operationName) {
+      return (ClassCode) CODE_NAME_MAP.get(operationName);
+    }
+
+    /**
+     * Returns all the possible values.
+     */
+    public static List getAll() {
+      final List codes = new ArrayList();
+      for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) {
+        codes.add(iter.next());
+      }
+      return codes;
+    }
+
+    /**
+     * Returns the ordinal for this class code.
+     *
+     * @return the ordinal of this class code.
+     */
+    public byte toOrdinal() {
+      return this.ordinal;
+    }
+
+    /**
+     * Returns a string representation for this class code.
+     *
+     * @return the name of this class code.
+     */
+    @Override
+    public final String toString() {
+      return this.name;
+    }
+
+    /**
+     * Indicates whether other object is same as this one.
+     *
+     * @return true if other object is same as this one.
+     */
+    @Override
+    public final boolean equals(final Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj instanceof ClassCode)) {
+        return false;
+      }
+      final ClassCode other = (ClassCode)obj;
+      return other.ordinal == this.ordinal;
+    }
+
+    /**
+     * Indicates whether other {@code ClassCode} is same as this one.
+     *
+     * @return true if other {@code ClassCode} is same as this one.
+     */
+    public final boolean equals(final ClassCode opCode) {
+      return opCode != null && opCode.ordinal == this.ordinal;
+    }
+
+    /**
+     * Returns a hash code value for this {@code ClassCode} which is the
+     * same as its ordinal.
+     *
+     * @return the ordinal of this {@code ClassCode}.
+     */
+    @Override
+    public final int hashCode() {
+      return this.ordinal;
+    }
+  }
+}
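Review bot: The retry loops in `getAllowedCredentials` and `getDisallowedCredentials` catch `IllegalArgumentException` with an empty block and then return `null`, so a test that gets no credentials has no record of which principals were rejected or why, even though the class declares a `logger` that is never used. A line such as `logger.debug("No valid credentials for principal {}", principal, ex);` in each catch would keep the best-effort behaviour and leave a trace. `create` also returns `null` for an unrecognised class code, which defers the failure to the caller's subsequent `init` call as a `NullPointerException`. The Javadoc on `classType` lists `ID_DUMMY, ID_LDAP, ID_PKI`, but this class defines only `ID_DUMMY` and `ID_XML`; it should read `One of the following: ID_DUMMY, ID_XML`.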

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/generator/CredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/generator/CredentialGenerator.java b/geode-core/src/test/java/org/apache/geode/security/generator/CredentialGenerator.java
new file mode 100755
index 0000000..90584cd
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/generator/CredentialGenerator.java
@@ -0,0 +1,333 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.logging.log4j.Logger;
+
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.security.AuthInitialize;
+import com.gemstone.gemfire.security.Authenticator;
+import com.gemstone.gemfire.security.templates.DummyAuthenticator;
+import com.gemstone.gemfire.security.templates.LdapUserAuthenticator;
+import com.gemstone.gemfire.security.templates.PKCSAuthenticator;
+
+/**
+ * Encapsulates obtaining valid and invalid credentials. Implementations will be
+ * for different kinds of authentication schemes.
+ * 
+ * @since GemFire 5.5
+ */
+public abstract class CredentialGenerator {
+
+  private static final Logger logger = LogService.getLogger();
+
+  /**
+   * A set of properties that should be added to the Gemfire system properties
+   * before using the authentication module.
+   */
+  private Properties systemProperties = null;
+
+  /**
+   * A set of properties that should be added to the java system properties
+   * before using the authentication module.
+   */
+  protected Properties javaProperties = null;
+
+  /**
+   * A factory method to create a new instance of an {@link CredentialGenerator}
+   * for the given {@link ClassCode}. Caller is supposed to invoke
+   * {@link CredentialGenerator#init} immediately after obtaining the instance.
+   * 
+   * @param  classCode
+   *         the {@code ClassCode} of the {@code CredentialGenerator}
+   *         implementation
+   * 
+   * @return an instance of {@code CredentialGenerator} for the given class
+   *         code
+   */
+  public static CredentialGenerator create(final ClassCode classCode) {
+    switch (classCode.classType) {
+      // Removing dummy one to reduce test run times
+      // case ClassCode.ID_DUMMY:
+      // return new DummyCredentialGenerator();
+      case ClassCode.ID_LDAP:
+        return new LdapUserCredentialGenerator();
+        // case ClassCode.ID_SSL:�
+        // return new SSLCredentialGenerator();
+      case ClassCode.ID_PKCS:
+        return new PKCSCredentialGenerator();
+      default:
+        return null;
+    }
+  }
+
+  /**
+   * Initialize the credential generator.
+   *
+   * @throws IllegalArgumentException when there is a problem during
+   *         initialization
+   */
+  public void init() throws IllegalArgumentException {
+    this.systemProperties = initialize();
+    logger.info("Generating CredentialGenerator with {}", this.systemProperties);
+  }
+
+  /**
+   * @return A set of extra properties that should be added to Gemfire system
+   *         properties when not null.
+   */
+  public Properties getSystemProperties() {
+    return this.systemProperties;
+  }
+
+  /**
+   * @return A set of extra properties that should be added to Gemfire system
+   *         properties when not null.
+   */
+  public Properties getJavaProperties() {
+    return this.javaProperties;
+  }
+
+  /**
+   * The {@link ClassCode} of this particular implementation.
+   * 
+   * @return the {@code ClassCode}
+   */
+  public abstract ClassCode classCode();
+
+  /**
+   * The name of the {@link AuthInitialize} factory function that should be used
+   * in conjunction with the credentials generated by this generator.
+   * 
+   * @return name of the {@code AuthInitialize} factory function
+   */
+  public abstract String getAuthInit();
+
+  /**
+   * The name of the {@link Authenticator} factory function that should be used
+   * in conjunction with the credentials generated by this generator.
+   * 
+   * @return name of the {@code Authenticator} factory function
+   */
+  public abstract String getAuthenticator();
+
+  /**
+   * Get a set of valid credentials generated using the given index.
+   */
+  public abstract Properties getValidCredentials(final int index);
+
+  /**
+   * Get a set of valid credentials for the given {@link Principal}.
+   * 
+   * @return credentials for the given {@code Principal} or null if none
+   *         possible.
+   */
+  public abstract Properties getValidCredentials(final Principal principal);
+
+  /**
+   * Get a set of invalid credentials generated using the given index.
+   */
+  public abstract Properties getInvalidCredentials(final int index);
+
+  /**
+   * Initialize the credential generator. This is provided separately from the
+   * {@link #init()} method for convenience of implementations so that they do not
+   * need to store in {@link #systemProperties}. The latter is convenient for the users
+   * who do not need to store these properties rather can obtain it later by
+   * invoking {@link #getSystemProperties()}
+   *
+   * <p>Required to be implemented by concrete classes that implement this abstract
+   * class.
+   *
+   * @return A set of extra properties that should be added to Gemfire system
+   *         properties when not null.
+   *
+   * @throws IllegalArgumentException when there is a problem during
+   *         initialization
+   */
+  protected abstract Properties initialize() throws IllegalArgumentException;
+
+  /**
+   * Enumeration for various {@link CredentialGenerator} implementations.
+   *
+   * <p>The following schemes are supported as of now:
+   * {@code DummyAuthenticator}, {@code LdapUserAuthenticator},
+   * {@code PKCSAuthenticator}. In addition SSL socket mode with mutual
+   * authentication is also supported.
+   *
+   * <p>To add a new authentication scheme the following needs to be done:
+   * <ul>
+   * <li>Add implementations for {@link AuthInitialize} and
+   * {@link Authenticator} classes for clients/peers.</li>
+   * <li>Add a new enumeration value for the scheme in this class. Notice the
+   * size of {@code VALUES} array and increase that if it is getting
+   * overflowed. Note the methods and fields for existing schemes and add for
+   * the new one in a similar manner.</li>
+   * <li>Add an implementation for {@link CredentialGenerator}.</li>
+   * <li>Modify the CredentialGenerator.Factory#create [no such Factory exists] method to add
+   * creation of an instance of the new implementation for the
+   * {@code ClassCode} enumeration value.</li>
+   * </ul>
+   *
+   * <p>All security dunit tests will automagically start testing the new
+   * implementation after this.
+   *
+   * @since GemFire 5.5
+   */
+  public static final class ClassCode {
+
+    private static byte nextOrdinal = 0;
+
+    private static final byte ID_DUMMY = 1;
+    private static final byte ID_LDAP = 2;
+    private static final byte ID_PKCS = 3;
+    private static final byte ID_SSL = 4;
+
+    private static final ClassCode[] VALUES = new ClassCode[10];
+    private static final Map CODE_NAME_MAP = new HashMap();
+
+    public static final ClassCode DUMMY = new ClassCode(DummyAuthenticator.class.getName() + ".create", ID_DUMMY);
+    public static final ClassCode LDAP = new ClassCode(LdapUserAuthenticator.class.getName() + ".create", ID_LDAP);
+    public static final ClassCode PKCS = new ClassCode(PKCSAuthenticator.class.getName() + ".create", ID_PKCS);
+    public static final ClassCode SSL = new ClassCode("SSL", ID_SSL);
+
+    /** The name of this class. */
+    private final String name;
+
+    /** byte used as ordinal to represent this class */
+    private final byte ordinal;
+
+    /**
+     * One of the following: ID_DUMMY, ID_LDAP, ID_PKCS
+     */
+    private final byte classType;
+
+    /** Creates a new instance of class code. */
+    private ClassCode(final String name, final byte classType) {
+      this.name = name;
+      this.classType = classType;
+      this.ordinal = nextOrdinal++;
+      VALUES[this.ordinal] = this;
+      CODE_NAME_MAP.put(name, this);
+    }
+
+    public boolean isDummy() {
+      return this.classType == ID_DUMMY;
+    }
+
+    public boolean isLDAP() {
+      return this.classType == ID_LDAP;
+    }
+
+    public boolean isPKCS() {
+      return this.classType == ID_PKCS;
+    }
+
+    public boolean isSSL() {
+      return this.classType == ID_SSL;
+    }
+
+    /**
+     * Returns the {@code ClassCode} represented by specified ordinal.
+     */
+    public static ClassCode fromOrdinal(final byte ordinal) {
+      return VALUES[ordinal];
+    }
+
+    /**
+     * Returns the {@code ClassCode} represented by specified string.
+     */
+    public static ClassCode parse(final String operationName) {
+      return (ClassCode) CODE_NAME_MAP.get(operationName);
+    }
+
+    /**
+     * Returns all the possible values.
+     */
+    public static List getAll() {
+      final List codes = new ArrayList();
+      for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) {
+        codes.add(iter.next());
+      }
+      return codes;
+    }
+
+    /**
+     * Returns the ordinal for this operation code.
+     *
+     * @return the ordinal of this operation.
+     */
+    public byte toOrdinal() {
+      return this.ordinal;
+    }
+
+    /**
+     * Returns a string representation for this operation.
+     *
+     * @return the name of this operation.
+     */
+    @Override
+    public final String toString() {
+      return this.name;
+    }
+
+    /**
+     * Indicates whether other object is same as this one.
+     *
+     * @return true if other object is same as this one.
+     */
+    @Override
+    public final boolean equals(final Object obj) {
+      if (obj == this) {
+        return true;
+      }
+      if (!(obj instanceof ClassCode)) {
+        return false;
+      }
+      final ClassCode other = (ClassCode)obj;
+      return other.ordinal == this.ordinal;
+    }
+
+    /**
+     * Indicates whether other {@code ClassCode} is same as this one.
+     *
+     * @return true if other {@code ClassCode} is same as this one.
+     */
+    public final boolean equals(final ClassCode opCode) {
+      return opCode != null && opCode.ordinal == this.ordinal;
+    }
+
+    /**
+     * Returns a hash code value for this {@code ClassCode} which is the
+     * same as its ordinal.
+     *
+     * @return the ordinal of this operation.
+     */
+    @Override
+    public final int hashCode() {
+      return this.ordinal;
+    }
+  }
+}
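Review bot: `init()` writes the whole property set to the log at INFO, and for some generators that set holds key-store passwords: `LdapUserCredentialGenerator.initialize()` adds `HandShake.PRIVATE_KEY_PASSWD_PROP`, `PKCSCredentialGenerator.initialize()` adds `PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD`, and the LDAP generator logs the same map a second time inside its own `initialize()`. The values in this commit are fixtures, but the LDAP server and base DN are read from system properties, so the logged map is not purely constant data. Logging only the property names keeps the diagnostic without the secret values, e.g. `logger.info("Generating CredentialGenerator with keys {}", this.systemProperties == null ? null : this.systemProperties.stringPropertyNames());`, with the matching change to the `logger.info` call in `LdapUserCredentialGenerator.initialize()`.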

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/generator/DummyAuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/generator/DummyAuthzCredentialGenerator.java b/geode-core/src/test/java/org/apache/geode/security/generator/DummyAuthzCredentialGenerator.java
new file mode 100755
index 0000000..64fb84a
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/generator/DummyAuthzCredentialGenerator.java
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Properties;
+import java.util.Set;
+
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.security.templates.DummyAuthorization;
+import com.gemstone.gemfire.security.templates.UsernamePrincipal;
+
+public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator {
+
+  public static final byte READER_ROLE = 1;
+  public static final byte WRITER_ROLE = 2;
+  public static final byte ADMIN_ROLE = 3;
+
+  private static Set readerOpsSet;
+  private static Set writerOpsSet;
+
+  static {
+    readerOpsSet = new HashSet();
+    for (int index = 0; index < DummyAuthorization.READER_OPS.length; index++) {
+      readerOpsSet.add(DummyAuthorization.READER_OPS[index]);
+    }
+
+    writerOpsSet = new HashSet();
+    for (int index = 0; index < DummyAuthorization.WRITER_OPS.length; index++) {
+      writerOpsSet.add(DummyAuthorization.WRITER_OPS[index]);
+    }
+  }
+
+  public static byte getRequiredRole(final OperationCode[] opCodes) {
+    byte roleType = ADMIN_ROLE;
+    boolean requiresReader = true;
+    boolean requiresWriter = true;
+
+    for (int opNum = 0; opNum < opCodes.length; opNum++) {
+      if (requiresReader && !readerOpsSet.contains(opCodes[opNum])) {
+        requiresReader = false;
+      }
+      if (requiresWriter && !writerOpsSet.contains(opCodes[opNum])) {
+        requiresWriter = false;
+      }
+    }
+    if (requiresReader) {
+      roleType = READER_ROLE;
+    }
+    else if (requiresWriter) {
+      roleType = WRITER_ROLE;
+    }
+    return roleType;
+  }
+
+  @Override
+  protected Properties init() throws IllegalArgumentException {
+    if (!this.generator.classCode().isDummy()) {
+      throw new IllegalArgumentException("DummyAuthorization module only works with DummyAuthenticator");
+    }
+    return null;
+  }
+
+  @Override
+  public ClassCode classCode() {
+    return ClassCode.DUMMY;
+  }
+
+  @Override
+  public String getAuthorizationCallback() {
+    return DummyAuthorization.class.getName() + ".create";
+  }
+
+  @Override
+  protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+    final byte roleType = getRequiredRole(opCodes);
+    return getPrincipal(roleType, index);
+  }
+
+  @Override
+  protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+    byte roleType = getRequiredRole(opCodes);
+    byte disallowedRoleType;
+    switch (roleType) {
+      case READER_ROLE:
+        disallowedRoleType = WRITER_ROLE;
+        break;
+      case WRITER_ROLE:
+        disallowedRoleType = READER_ROLE;
+        break;
+      default:
+        disallowedRoleType = READER_ROLE;
+        break;
+    }
+    return getPrincipal(disallowedRoleType, index);
+  }
+
+  @Override
+  protected int getNumPrincipalTries(final OperationCode[] opCodes,  final String[] regionNames) {
+    return 5;
+  }
+
+  private Principal getPrincipal(final byte roleType, final int index) {
+    String[] admins = new String[] { "root", "admin", "administrator" };
+    switch (roleType) {
+      case READER_ROLE:
+        return new UsernamePrincipal("reader" + index);
+      case WRITER_ROLE:
+        return new UsernamePrincipal("writer" + index);
+      default:
+        return new UsernamePrincipal(admins[index % admins.length]);
+    }
+  }
+}
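Review bot: `getPrincipal` indexes `admins[index % admins.length]`, and in Java `%` keeps the sign of the dividend, so a negative `index` throws `ArrayIndexOutOfBoundsException` instead of producing a principal. `Math.floorMod(index, admins.length)` keeps the result in range. The same arithmetic appears in `DummyCredentialGenerator.getValidCredentials(int)` (`index % validGroups.length` and `index % admins.length`), and in the LDAP and PKCS generators `(index % 10) + 1` yields a user or alias number outside 1..10 for a negative index. If callers never pass a negative index (they are not visible in this commit), a Javadoc line on the `index` parameter stating that requirement would be enough.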

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/generator/DummyCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/generator/DummyCredentialGenerator.java b/geode-core/src/test/java/org/apache/geode/security/generator/DummyCredentialGenerator.java
new file mode 100755
index 0000000..77ffbd9
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/generator/DummyCredentialGenerator.java
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import com.gemstone.gemfire.security.templates.DummyAuthenticator;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+
+public class DummyCredentialGenerator extends CredentialGenerator {
+
+  @Override
+  protected Properties initialize() throws IllegalArgumentException {
+    return null;
+  }
+
+  @Override
+  public ClassCode classCode() {
+    return ClassCode.DUMMY;
+  }
+
+  @Override
+  public String getAuthInit() {
+    return UserPasswordAuthInit.class.getName() + ".create";
+  }
+
+  @Override
+  public String getAuthenticator() {
+    return DummyAuthenticator.class.getName() + ".create";
+  }
+
+  @Override
+  public Properties getValidCredentials(final int index) {
+    final String[] validGroups = new String[] { "admin", "user", "reader", "writer" };
+    final String[] admins = new String[] { "root", "admin", "administrator" };
+
+    final Properties props = new Properties();
+    final int groupNum = index % validGroups.length;
+
+    String userName;
+    if (groupNum == 0) {
+      userName = admins[index % admins.length];
+    } else {
+      userName = validGroups[groupNum] + (index / validGroups.length);
+    }
+
+    props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
+    props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
+    return props;
+  }
+
+  @Override
+  public Properties getValidCredentials(final Principal principal) {
+    final String userName = principal.getName();
+
+    if (DummyAuthenticator.checkValidName(userName)) {
+      Properties props = new Properties();
+      props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
+      props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
+      return props;
+
+    } else {
+      throw new IllegalArgumentException("Dummy: [" + userName + "] is not a valid user");
+    }
+  }
+
+  @Override
+  public Properties getInvalidCredentials(int index) {
+    Properties props = new Properties();
+    props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
+    props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
+    return props;
+  }
+}
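Review bot: `getValidCredentials(Principal)` throws `IllegalArgumentException` for an unknown user, while the method it overrides in `CredentialGenerator` is documented as returning "credentials for the given Principal or null if none possible". `LdapUserCredentialGenerator.getValidCredentials(Principal)` throws in the same way, so a caller written against the Javadoc's null check never sees null from either implementation. Either return null here, or add `@throws IllegalArgumentException if no valid credentials exist for the principal` to the base-class Javadoc and drop the "or null" wording. A null `principal` also reaches `principal.getName()` unchecked.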

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/generator/LdapUserCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/generator/LdapUserCredentialGenerator.java b/geode-core/src/test/java/org/apache/geode/security/generator/LdapUserCredentialGenerator.java
new file mode 100755
index 0000000..7cde86d
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/generator/LdapUserCredentialGenerator.java
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.internal.cache.tier.sockets.HandShake;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.security.templates.LdapUserAuthenticator;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+import com.gemstone.gemfire.test.dunit.Assert;
+import com.gemstone.gemfire.util.test.TestUtil;
+import org.apache.logging.log4j.Logger;
+
+import java.security.Principal;
+import java.util.Properties;
+import java.util.Random;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+public class LdapUserCredentialGenerator extends CredentialGenerator {
+
+  private static final Logger logger = LogService.getLogger();
+
+  private static final String USER_PREFIX = "gemfire";
+  private static final Random RANDOM = new Random();
+  private static final String[] CIPHERS = new String[] { "", "DESede", "AES:128", "Blowfish:128" };
+
+  private static boolean enableServerAuthentication = false;
+
+  private boolean serverAuthEnabled = false;
+
+  public LdapUserCredentialGenerator() {
+    // Toggle server authentication enabled for each test
+    // This is done instead of running all the tests with both
+    // server auth enabled/disabled to reduce test run time.
+    enableServerAuthentication = !enableServerAuthentication;
+    this.serverAuthEnabled = enableServerAuthentication;
+  }
+
+  @Override
+  protected Properties initialize() throws IllegalArgumentException {
+    final String ldapServer = System.getProperty("gf.ldap.server", "ldap");
+    final String ldapBaseDN = System.getProperty("gf.ldap.basedn", "ou=ldapTesting,dc=pune,dc=gemstone,dc=com");
+    final String ldapUseSSL = System.getProperty("gf.ldap.usessl");
+
+    final Properties extraProps = new Properties();
+    extraProps.setProperty(LdapUserAuthenticator.LDAP_SERVER_NAME, ldapServer);
+    extraProps.setProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME, ldapBaseDN);
+
+    if (ldapUseSSL != null && ldapUseSSL.length() > 0) {
+      extraProps.setProperty(LdapUserAuthenticator.LDAP_SSL_NAME, ldapUseSSL);
+    }
+
+    if (serverAuthEnabled) {
+      String keyStoreFile = TestUtil.getResourcePath(LdapUserCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/gemfire1.keystore");
+      extraProps.setProperty(HandShake.PRIVATE_KEY_FILE_PROP, keyStoreFile);
+      extraProps.setProperty(HandShake.PRIVATE_KEY_ALIAS_PROP, DistributionConfig.GEMFIRE_PREFIX);
+      extraProps.setProperty(HandShake.PRIVATE_KEY_PASSWD_PROP, "gemfire");
+    }
+
+    Assert.assertNotNull(extraProps.getProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME));
+
+    logger.info("Generating LdapUserCredentialGenerator with {}", extraProps);
+
+    return extraProps;
+  }
+
+  @Override
+  public ClassCode classCode() {
+    return ClassCode.LDAP;
+  }
+
+  @Override
+  public String getAuthInit() {
+    return UserPasswordAuthInit.class.getName() + ".create";
+  }
+
+  @Override
+  public String getAuthenticator() {
+    return LdapUserAuthenticator.class.getName() + ".create";
+  }
+
+  @Override
+  public Properties getValidCredentials(final int index) {
+    final Properties props = new Properties();
+    props.setProperty(UserPasswordAuthInit.USER_NAME, USER_PREFIX + ((index % 10) + 1));
+    props.setProperty(UserPasswordAuthInit.PASSWORD, USER_PREFIX + ((index % 10) + 1));
+    props.setProperty(SECURITY_CLIENT_DHALGO, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
+
+    if (serverAuthEnabled) {
+      final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
+      props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
+      props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
+    }
+
+    return props;
+  }
+
+  @Override
+  public Properties getValidCredentials(final Principal principal) {
+    Properties props = null;
+    final String userName = principal.getName();
+
+    if (userName != null && userName.startsWith(USER_PREFIX)) {
+      boolean isValid;
+
+      try {
+        final int suffix = Integer.parseInt(userName.substring(USER_PREFIX.length()));
+        isValid = (suffix >= 1 && suffix <= 10);
+      } catch (Exception ex) {
+        isValid = false;
+      }
+
+      if (isValid) {
+        props = new Properties();
+        props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
+        props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
+      }
+    }
+
+    if (props == null) {
+      throw new IllegalArgumentException("LDAP: [" + userName + "] not a valid user");
+    }
+
+    props.setProperty(SECURITY_CLIENT_DHALGO, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
+
+    if (serverAuthEnabled) {
+      final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
+      props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
+      props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
+    }
+
+    return props;
+  }
+
+  @Override
+  public Properties getInvalidCredentials(final int index) {
+    final Properties props = new Properties();
+    props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
+    props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
+    props.setProperty(SECURITY_CLIENT_DHALGO, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
+
+    if (serverAuthEnabled) {
+      final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
+      props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
+      props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
+    }
+
+    return props;
+  }
+}
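Review bot: Each credential set picks `SECURITY_CLIENT_DHALGO` with `CIPHERS[RANDOM.nextInt(CIPHERS.length)]` from an unseeded `Random`, and the constructor flips the static `enableServerAuthentication` on every instantiation without synchronization, so the configuration a test runs under depends on chance and on construction order. A failure tied to one algorithm or to the server-auth branch cannot be reproduced from the output, because none of the three credential methods records which cipher was chosen. Storing the choice in a local and logging it, e.g. `logger.info("Using DH algorithm '{}', serverAuth={}", cipher, serverAuthEnabled);`, would make such runs diagnosable. The three identical `if (serverAuthEnabled)` blocks could also move into one private helper so the public-key settings are defined once.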

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/generator/PKCSCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/generator/PKCSCredentialGenerator.java b/geode-core/src/test/java/org/apache/geode/security/generator/PKCSCredentialGenerator.java
new file mode 100755
index 0000000..09381b8
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/generator/PKCSCredentialGenerator.java
@@ -0,0 +1,115 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import java.security.Principal;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Properties;
+
+import com.gemstone.gemfire.security.templates.PKCSAuthInit;
+import com.gemstone.gemfire.security.templates.PKCSAuthenticator;
+import com.gemstone.gemfire.util.test.TestUtil;
+
+public class PKCSCredentialGenerator extends CredentialGenerator {
+
+  public static String keyStoreDir = getKeyStoreDir();
+  public static boolean usesIBMJSSE;
+
+  // Checks if the current JVM uses only IBM JSSE providers.
+  private static boolean usesIBMProviders() {
+    final Provider[] providers = Security.getProviders();
+    for (int index = 0; index < providers.length; ++index) {
+      if (!providers[index].getName().toLowerCase().startsWith("ibm")) {
+        return false;
+      }
+    }
+    return true;
+  }
+
+  private static String getKeyStoreDir() {
+    usesIBMJSSE = usesIBMProviders();
+    if (usesIBMJSSE) {
+      return "/com/gemstone/gemfire/security/generator/keys/ibm";
+    } else {
+      return "/com/gemstone/gemfire/security/generator/keys";
+    }
+  }
+
+  @Override
+  protected Properties initialize() throws IllegalArgumentException {
+    final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/publickeyfile");
+
+    final Properties props = new Properties();
+    props.setProperty(PKCSAuthenticator.PUBLIC_KEY_FILE, keyStoreFile);
+    props.setProperty(PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD, "gemfire");
+
+    return props;
+  }
+
+  @Override
+  public ClassCode classCode() {
+    return ClassCode.PKCS;
+  }
+
+  @Override
+  public String getAuthInit() {
+    return PKCSAuthInit.class.getName() + ".create";
+  }
+
+  @Override
+  public String getAuthenticator() {
+    return PKCSAuthenticator.class.getName() + ".create";
+  }
+
+  @Override
+  public Properties getInvalidCredentials(int index) {
+    final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire11.keystore");
+
+    final Properties props = new Properties();
+    props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
+    props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire11");
+    props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
+
+    return props;
+  }
+
+  @Override
+  public Properties getValidCredentials(int index) {
+    final int aliasnum = (index % 10) + 1;
+    final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire" + aliasnum + ".keystore");
+
+    final Properties props = new Properties();
+    props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
+    props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire" + aliasnum);
+    props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
+
+    return props;
+  }
+
+  @Override
+  public Properties getValidCredentials(Principal principal) {
+    final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + principal.getName() + ".keystore");
+
+    final Properties props = new Properties();
+    props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
+    props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, principal.getName());
+    props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
+
+    return props;
+  }
+}
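Review bot: `getValidCredentials(Principal)` builds the resource path as `keyStoreDir + principal.getName() + ".keystore"`, without the `/` that `getValidCredentials(int)` and `getInvalidCredentials` put between the directory and the file name. For a principal named `gemfire1` the lookup would target `.../keysgemfire1.keystore` rather than `.../keys/gemfire1.keystore`, unless principal names are expected to start with a slash. The likely intent is `keyStoreDir + "/" + principal.getName() + ".keystore"`. The name is also placed into the path unchecked; matching it against the alias form the index overload produces (`gemfire` followed by 1 to 10) before building the path would keep separators and `..` segments out of the resource lookup.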

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/generator/SSLCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/generator/SSLCredentialGenerator.java b/geode-core/src/test/java/org/apache/geode/security/generator/SSLCredentialGenerator.java
new file mode 100755
index 0000000..6b6e3de
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/generator/SSLCredentialGenerator.java
@@ -0,0 +1,123 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import org.apache.logging.log4j.Logger;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Properties;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+public class SSLCredentialGenerator extends CredentialGenerator {
+
+  private static final Logger logger = LogService.getLogger();
+
+  @Override
+  protected Properties initialize() throws IllegalArgumentException {
+    this.javaProperties = getValidJavaSSLProperties();
+    return getSSLProperties();
+  }
+
+  @Override
+  public ClassCode classCode() {
+    return ClassCode.SSL;
+  }
+
+  @Override
+  public String getAuthInit() {
+    return null;
+  }
+
+  @Override
+  public String getAuthenticator() {
+    return null;
+  }
+
+  @Override
+  public Properties getValidCredentials(int index) {
+    this.javaProperties = getValidJavaSSLProperties();
+    return getSSLProperties();
+  }
+
+  @Override
+  public Properties getValidCredentials(final Principal principal) {
+    this.javaProperties = getValidJavaSSLProperties();
+    return getSSLProperties();
+  }
+
+  @Override
+  public Properties getInvalidCredentials(final int index) {
+    this.javaProperties = getInvalidJavaSSLProperties();
+    return getSSLProperties();
+  }
+
+  private File findTrustedJKS() {
+    final File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
+    return new File(ssldir, "trusted.keystore");
+  }
+
+  private File findUntrustedJKS() {
+    final File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
+    return new File(ssldir, "untrusted.keystore");
+  }
+
+  private Properties getValidJavaSSLProperties() {
+    final File jks = findTrustedJKS();
+
+    try {
+      final Properties props = new Properties();
+      props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
+      props.setProperty("javax.net.ssl.trustStorePassword", "password");
+      props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
+      props.setProperty("javax.net.ssl.keyStorePassword", "password");
+      return props;
+
+    } catch (IOException ex) {
+      throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex);
+    }
+  }
+
+  private Properties getInvalidJavaSSLProperties() {
+    final File jks = findUntrustedJKS();
+
+    try {
+      final Properties props = new Properties();
+      props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
+      props.setProperty("javax.net.ssl.trustStorePassword", "password");
+      props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
+      props.setProperty("javax.net.ssl.keyStorePassword", "password");
+      return props;
+
+    } catch (IOException ex) {
+      throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex);
+    }
+  }
+
+  private Properties getSSLProperties() {
+    Properties props = new Properties();
+    props.setProperty(CLUSTER_SSL_CIPHERS, "true");
+    props.setProperty(CLUSTER_SSL_REQUIRE_AUTHENTICATION, "true");
+    props.setProperty(CLUSTER_SSL_CIPHERS, "SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+    props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1");
+    return props;
+  }
+}
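Review bot: In `getSSLProperties()` the first `props.setProperty(CLUSTER_SSL_CIPHERS, "true")` is overwritten two lines later by the cipher-suite name, so whatever flag `"true"` was meant to set is never set. It reads like a copy-paste slip for the cluster SSL enable property, i.e. `props.setProperty(CLUSTER_SSL_ENABLED, "true");`, if that is the constant the static import provides. The fixture also pins `TLSv1` with `SSL_RSA_WITH_3DES_EDE_CBC_SHA`, both of which current JDKs disable by default, so a comment marking these as test-only values (or a move to a current protocol and suite) would keep them from being copied into real configuration. `findTrustedJKS()` and `findUntrustedJKS()` build the directory from `System.getProperty("JTESTS")` without a null check, so an unset property silently yields the path `null/ssl`.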

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/generator/UserPasswordWithExtraPropsAuthInit.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/generator/UserPasswordWithExtraPropsAuthInit.java b/geode-core/src/test/java/org/apache/geode/security/generator/UserPasswordWithExtraPropsAuthInit.java
new file mode 100755
index 0000000..1240533
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/generator/UserPasswordWithExtraPropsAuthInit.java
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.security.AuthInitialize;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+/**
+ * An {@link AuthInitialize} implementation that obtains the user name and
+ * password as the credentials from the given set of properties. If 
+ * keep-extra-props property exits, it will copy rest of the
+ * properties provided in getCredential props argument will also be 
+ * copied as new credentials.
+ * 
+ * @since GemFire 5.5
+ */
+public class UserPasswordWithExtraPropsAuthInit extends UserPasswordAuthInit {
+
+  public static final String SECURITY_PREFIX = DistributionConfig.SECURITY_PREFIX_NAME;
+  public static final String EXTRA_PROPS = "security-keep-extra-props";
+
+  public static AuthInitialize create() {
+    return new UserPasswordWithExtraPropsAuthInit();
+  }
+
+  public UserPasswordWithExtraPropsAuthInit() {
+    super();
+  }
+
+  @Override
+  public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
+    final Properties securityPropertiesCopy = super.getCredentials(securityProperties, server, isPeer);
+    final String extraProps = securityProperties.getProperty(EXTRA_PROPS);
+
+    if (extraProps != null) {
+    	for (Iterator it = securityProperties.keySet().iterator(); it.hasNext();) {
+    		final String key = (String) it.next();
+    		if (key.startsWith(SECURITY_PREFIX) &&
+    		    key.equalsIgnoreCase(USER_NAME) == false &&
+    		    key.equalsIgnoreCase(PASSWORD) == false &&
+    		    key.equalsIgnoreCase(EXTRA_PROPS) == false) {
+    			securityPropertiesCopy.setProperty(key, securityProperties.getProperty(key));
+    		}
+    	}
+    	this.securityLogWriter.fine("got everything and now have: " + securityPropertiesCopy.keySet().toString());
+    }
+
+    return securityPropertiesCopy;
+  }
+}
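Review bot: The loop in `getCredentials()` walks a raw `Iterator` over `securityProperties.keySet()` and casts each key with `(String) it.next()`, which throws `ClassCastException` if a caller ever stored a non-String key and skips any keys held only in the `Properties` defaults. `for (String key : securityProperties.stringPropertyNames())` removes the cast and matches what `getProperty(key)` can actually resolve. The `== false` comparisons would read better as `!key.equalsIgnoreCase(...)`. The class Javadoc sentence is garbled ("exits", and the clause about copying is stated twice); something like `If the security-keep-extra-props property is present (with any value), every other security-* property except the user name and password is copied into the returned credentials.` says what the code does.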

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/generator/XmlAuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/generator/XmlAuthzCredentialGenerator.java b/geode-core/src/test/java/org/apache/geode/security/generator/XmlAuthzCredentialGenerator.java
new file mode 100755
index 0000000..7dcf5ae
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/generator/XmlAuthzCredentialGenerator.java
@@ -0,0 +1,257 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Properties;
+import java.util.Set;
+
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.security.templates.UsernamePrincipal;
+import com.gemstone.gemfire.security.templates.XmlAuthorization;
+import com.gemstone.gemfire.util.test.TestUtil;
+
+public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator {
+
+  private static final String dummyXml = "authz-dummy.xml";
+  private static final String ldapXml = "authz-ldap.xml";
+  private static final String pkcsXml = "authz-pkcs.xml";
+  private static final String sslXml = "authz-ssl.xml";
+
+  private static final String[] QUERY_REGIONS = { "/Portfolios", "/Positions", "/AuthRegion" };
+
+  public static OperationCode[] READER_OPS = {
+      OperationCode.GET,
+      OperationCode.REGISTER_INTEREST,
+      OperationCode.UNREGISTER_INTEREST,
+      OperationCode.KEY_SET,
+      OperationCode.CONTAINS_KEY,
+      OperationCode.EXECUTE_FUNCTION };
+
+  public static OperationCode[] WRITER_OPS = {
+      OperationCode.PUT,
+      OperationCode.DESTROY,
+      OperationCode.INVALIDATE,
+      OperationCode.REGION_CLEAR };
+
+  public static OperationCode[] QUERY_OPS = {
+      OperationCode.QUERY,
+      OperationCode.EXECUTE_CQ,
+      OperationCode.STOP_CQ,
+      OperationCode.CLOSE_CQ };
+
+  private static final byte READER_ROLE = 1;
+  private static final byte WRITER_ROLE = 2;
+  private static final byte QUERY_ROLE = 3;
+  private static final byte ADMIN_ROLE = 4;
+
+  private static Set readerOpsSet;
+  private static Set writerOpsSet;
+  private static Set queryOpsSet;
+  private static Set queryRegionSet;
+
+  static {
+    readerOpsSet = new HashSet();
+    for (int index = 0; index < READER_OPS.length; index++) {
+      readerOpsSet.add(READER_OPS[index]);
+    }
+
+    writerOpsSet = new HashSet();
+    for (int index = 0; index < WRITER_OPS.length; index++) {
+      writerOpsSet.add(WRITER_OPS[index]);
+    }
+
+    queryOpsSet = new HashSet();
+    for (int index = 0; index < QUERY_OPS.length; index++) {
+      queryOpsSet.add(QUERY_OPS[index]);
+    }
+
+    queryRegionSet = new HashSet();
+    for (int index = 0; index < QUERY_REGIONS.length; index++) {
+      queryRegionSet.add(QUERY_REGIONS[index]);
+    }
+  }
+
+  @Override
+  protected Properties init() throws IllegalArgumentException {
+    final Properties sysProps = new Properties();
+    final String dirName = "/com/gemstone/gemfire/security/generator/";
+
+    if (this.generator.classCode().isDummy()) {
+      final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + dummyXml);
+      sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename);
+
+    } else if (this.generator.classCode().isLDAP()) {
+      final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + ldapXml);
+      sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename);
+
+      // } else if (this.generator.classCode().isPKCS()) {
+      //   sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + pkcsXml);
+      // }
+      // } else if (this.generator.classCode().isSSL()) {
+      //   sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + sslXml);
+      // }
+
+    } else {
+      throw new IllegalArgumentException("No XML defined for XmlAuthorization module to work with " + this.generator.getAuthenticator());
+    }
+    return sysProps;
+  }
+
+  @Override
+  public ClassCode classCode() {
+    return ClassCode.XML;
+  }
+
+  @Override
+  public String getAuthorizationCallback() {
+    return XmlAuthorization.class.getName() + ".create";
+  }
+
+  private Principal getDummyPrincipal(final byte roleType, final int index) {
+    final String[] admins = new String[] { "root", "admin", "administrator" };
+    final int numReaders = 3;
+    final int numWriters = 3;
+
+    switch (roleType) {
+      case READER_ROLE:
+        return new UsernamePrincipal("reader" + (index % numReaders));
+      case WRITER_ROLE:
+        return new UsernamePrincipal("writer" + (index % numWriters));
+      case QUERY_ROLE:
+        return new UsernamePrincipal("reader" + ((index % 2) + 3));
+      default:
+        return new UsernamePrincipal(admins[index % admins.length]);
+    }
+  }
+
+  @Override
+  protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+    if (this.generator.classCode().isDummy()) {
+      final byte roleType = getRequiredRole(opCodes, regionNames);
+      return getDummyPrincipal(roleType, index);
+
+    } else if (this.generator.classCode().isLDAP()) {
+      final byte roleType = getRequiredRole(opCodes, regionNames);
+      return getLdapPrincipal(roleType, index);
+    }
+
+    return null;
+  }
+
+  @Override
+  protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+    final byte roleType = getRequiredRole(opCodes, regionNames);
+
+    byte disallowedRoleType = READER_ROLE;
+    switch (roleType) {
+      case READER_ROLE:
+        disallowedRoleType = WRITER_ROLE;
+        break;
+      case WRITER_ROLE:
+        disallowedRoleType = READER_ROLE;
+        break;
+      case QUERY_ROLE:
+        disallowedRoleType = READER_ROLE;
+        break;
+      case ADMIN_ROLE:
+        disallowedRoleType = READER_ROLE;
+        break;
+    }
+
+    if (this.generator.classCode().isDummy()) {
+      return getDummyPrincipal(disallowedRoleType, index);
+
+    } else if (this.generator.classCode().isLDAP()) {
+      return getLdapPrincipal(disallowedRoleType, index);
+    }
+
+    return null;
+  }
+
+  @Override
+  protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) {
+    return 5;
+  }
+
+  private Principal getLdapPrincipal(final byte roleType, final int index) {
+    final String userPrefix = "gemfire";
+    final int[] readerIndices = { 3, 4, 5 };
+    final int[] writerIndices = { 6, 7, 8 };
+    final int[] queryIndices = { 9, 10 };
+    final int[] adminIndices = { 1, 2 };
+
+    switch (roleType) {
+      case READER_ROLE:
+        int readerIndex = readerIndices[index % readerIndices.length];
+        return new UsernamePrincipal(userPrefix + readerIndex);
+      case WRITER_ROLE:
+        int writerIndex = writerIndices[index % writerIndices.length];
+        return new UsernamePrincipal(userPrefix + writerIndex);
+      case QUERY_ROLE:
+        int queryIndex = queryIndices[index % queryIndices.length];
+        return new UsernamePrincipal(userPrefix + queryIndex);
+      default:
+        int adminIndex = adminIndices[index % adminIndices.length];
+        return new UsernamePrincipal(userPrefix + adminIndex);
+    }
+  }
+
+  private byte getRequiredRole(final OperationCode[] opCodes, final String[] regionNames) {
+    byte roleType = ADMIN_ROLE;
+    boolean requiresReader = true;
+    boolean requiresWriter = true;
+    boolean requiresQuery = true;
+
+    for (int opNum = 0; opNum < opCodes.length; opNum++) {
+      final OperationCode opCode = opCodes[opNum];
+      if (requiresReader && !readerOpsSet.contains(opCode)) {
+        requiresReader = false;
+      }
+      if (requiresWriter && !writerOpsSet.contains(opCode)) {
+        requiresWriter = false;
+      }
+      if (requiresQuery && !queryOpsSet.contains(opCode)) {
+        requiresQuery = false;
+      }
+    }
+
+    if (requiresReader) {
+      roleType = READER_ROLE;
+
+    } else if (requiresWriter) {
+      roleType = WRITER_ROLE;
+
+    } else if (requiresQuery) {
+      if (regionNames != null && regionNames.length > 0) {
+        for (int index = 0; index < regionNames.length; index++) {
+          final String regionName = XmlAuthorization.normalizeRegionName(regionNames[index]);
+          if (requiresQuery && !queryRegionSet.contains(regionName)) {
+            requiresQuery = false;
+            break;
+          }
+        }
+        if (requiresQuery) {
+          roleType = QUERY_ROLE;
+        }
+      }
+    }
+
+    return roleType;
+  }
+}
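Review bot: `init()` still looks the ACL documents up under `dirName = "/com/gemstone/gemfire/security/generator/"`, while this commit adds `authz-dummy.xml` under `org/apache/geode/security/generator/` in the test resources, so the `TestUtil.getResourcePath` calls will presumably stop resolving unless a later commit in the series updates the constant. The matching value would be `final String dirName = "/org/apache/geode/security/generator/";`. The same mismatch shows in the `package com.gemstone.gemfire.security.generator;` line of a file that now lives under `org/apache/geode/...`, here and in the other Java files of this commit. Separately, `getAllowedPrincipal()` and `getDisallowedPrincipal()` return `null` for any class code other than dummy or LDAP; a one-line Javadoc saying so would help, since `init()` rejects those generators with an exception instead.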

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/DummyAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/DummyAuthenticator.java b/geode-core/src/test/java/org/apache/geode/security/templates/DummyAuthenticator.java
new file mode 100755
index 0000000..f086b67
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/DummyAuthenticator.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.templates;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.Authenticator;
+
+/**
+ * A dummy implementation of the {@link Authenticator} interface that expects a
+ * user name and password allowing authentication depending on the format of the
+ * user name.
+ *
+ * @since GemFire 5.5
+ */
+public class DummyAuthenticator implements Authenticator {
+
+  public static Authenticator create() {
+    return new DummyAuthenticator();
+  }
+
+  public static boolean checkValidName(final String userName) {
+    return userName.startsWith("user") ||
+           userName.startsWith("reader") ||
+           userName.startsWith("writer") ||
+           userName.equals("admin") ||
+           userName.equals("root") ||
+           userName.equals("administrator");
+  }
+
+  @Override
+  public void init(final Properties securityProperties, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
+  }
+
+  @Override
+  public Principal authenticate(final Properties credentials, final DistributedMember member) throws AuthenticationFailedException {
+    final String userName = credentials.getProperty(UserPasswordAuthInit.USER_NAME);
+    if (userName == null) {
+      throw new AuthenticationFailedException("DummyAuthenticator: user name property [" + UserPasswordAuthInit.USER_NAME + "] not provided");
+    }
+
+    final String password = credentials.getProperty(UserPasswordAuthInit.PASSWORD);
+    if (password == null) {
+      throw new AuthenticationFailedException( "DummyAuthenticator: password property [" + UserPasswordAuthInit.PASSWORD + "] not provided");
+    }
+
+    if (userName.equals(password) && checkValidName(userName)) {
+      return new UsernamePrincipal(userName);
+    } else {
+      throw new AuthenticationFailedException("DummyAuthenticator: Invalid user name [" + userName + "], password supplied.");
+    }
+  }
+
+  @Override
+  public void close() {
+  }
+}
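Review bot: The class Javadoc says authentication depends "on the format of the user name", but `authenticate()` accepts a credential only when `userName.equals(password) && checkValidName(userName)`, i.e. the password must be identical to the user name. Because the class sits in a `templates` package it is likely to be copied as a starting point, so the Javadoc should state the real rule and that it is for tests only, e.g. `Accepts a user only when the password equals the user name and the name starts with "user", "reader" or "writer" or is one of admin/root/administrator; test fixture, never a production authenticator.` `checkValidName()` is public and dereferences `userName` without a null check, which is worth a `@param` note since callers outside `authenticate()` get no guard.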

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/DummyAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/DummyAuthorization.java b/geode-core/src/test/java/org/apache/geode/security/templates/DummyAuthorization.java
new file mode 100755
index 0000000..df08676
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/DummyAuthorization.java
@@ -0,0 +1,122 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.templates;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.NotAuthorizedException;
+
+/**
+ * A dummy implementation of the {@code AccessControl} interface that
+ * allows authorization depending on the format of the {@code Principal}
+ * string.
+ * 
+ * @since GemFire 5.5
+ */
+public class DummyAuthorization implements AccessControl {
+
+  private Set allowedOps;
+  private DistributedMember remoteMember;
+  private LogWriter securityLogWriter;
+
+  public static final OperationCode[] READER_OPS = {
+      OperationCode.GET,
+      OperationCode.QUERY,
+      OperationCode.EXECUTE_CQ,
+      OperationCode.CLOSE_CQ,
+      OperationCode.STOP_CQ,
+      OperationCode.REGISTER_INTEREST,
+      OperationCode.UNREGISTER_INTEREST,
+      OperationCode.KEY_SET,
+      OperationCode.CONTAINS_KEY,
+      OperationCode.EXECUTE_FUNCTION };
+
+  public static final OperationCode[] WRITER_OPS = {
+      OperationCode.PUT,
+      OperationCode.PUTALL,
+      OperationCode.DESTROY,
+      OperationCode.INVALIDATE,
+      OperationCode.REGION_CLEAR };
+
+  public static AccessControl create() {
+    return new DummyAuthorization();
+  }
+
+  public DummyAuthorization() {
+    this.allowedOps = new HashSet(20);
+  }
+
+  @Override
+  public void init(final Principal principal, final DistributedMember remoteMember, final Cache cache) throws NotAuthorizedException {
+    if (principal != null) {
+
+      final String name = principal.getName().toLowerCase();
+
+      if (name != null) {
+
+        if (name.equals("root") || name.equals("admin") || name.equals("administrator")) {
+          addReaderOps();
+          addWriterOps();
+          this.allowedOps.add(OperationCode.REGION_CREATE);
+          this.allowedOps.add(OperationCode.REGION_DESTROY);
+
+        } else if (name.startsWith("writer")) {
+          addWriterOps();
+
+        } else if (name.startsWith("reader")) {
+          addReaderOps();
+        }
+
+      }
+    }
+
+    this.remoteMember = remoteMember;
+    this.securityLogWriter = cache.getSecurityLogger();
+  }
+
+  @Override
+  public boolean authorizeOperation(String regionName, OperationContext context) {
+    final OperationCode opCode = context.getOperationCode();
+    this.securityLogWriter.fine("Invoked authorize operation for [" + opCode + "] in region [" + regionName + "] for client: " + remoteMember);
+    return this.allowedOps.contains(opCode);
+  }
+
+  @Override
+  public void close() {
+    this.allowedOps.clear();
+  }
+
+  private void addReaderOps() {
+    for (int index = 0; index < READER_OPS.length; index++) {
+      this.allowedOps.add(READER_OPS[index]);
+    }
+  }
+
+  private void addWriterOps() {
+    for (int index = 0; index < WRITER_OPS.length; index++) {
+      this.allowedOps.add(WRITER_OPS[index]);
+    }
+  }
+}
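Review bot: In `init()` the `if (name != null)` test can never be false, because `name` is the result of `principal.getName().toLowerCase()`; a principal whose `getName()` returns null fails with a `NullPointerException` on that line instead of ending up with the empty (deny-all) operation set. Check before lower-casing: `final String rawName = principal.getName();` followed by `if (rawName != null) { final String name = rawName.toLowerCase(); ...`. `init()` also adds to `allowedOps` without clearing it first, so an instance that is initialised a second time for a different principal keeps the earlier principal's operations; calling `this.allowedOps.clear()` at the top of `init()` would make the grant depend only on the current principal.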

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/FunctionSecurityPrmsHolder.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/FunctionSecurityPrmsHolder.java b/geode-core/src/test/java/org/apache/geode/security/templates/FunctionSecurityPrmsHolder.java
new file mode 100755
index 0000000..275a4ad
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/FunctionSecurityPrmsHolder.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.templates;
+
+import java.util.Set;
+
+/**
+ * This is a sample class for objects which hold information of the authorized
+ * function names and authorized value for the {@code optimizeForWrite}.
+ * 
+ * @since GemFire 6.0
+ */
+public class FunctionSecurityPrmsHolder {
+
+  private final Boolean optimizeForWrite;
+  private final Set<String> functionIds;
+  private final Set<String> keySet;
+
+  public FunctionSecurityPrmsHolder(final Boolean optimizeForWrite, final Set<String> functionIds, final Set<String> keySet) {
+    this.optimizeForWrite = optimizeForWrite;
+    this.functionIds = functionIds;
+    this.keySet = keySet;
+  }
+
+  public Boolean isOptimizeForWrite() {
+    return this.optimizeForWrite;
+  }
+
+  public Set<String> getFunctionIds() {
+    return this.functionIds;
+  }
+
+  public Set<String> getKeySet() {
+    return this.keySet;
+  }
+}
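Review bot: The constructor stores `functionIds` and `keySet` by reference and the getters hand the same `Set` objects back, so code holding either reference can change the authorized function ids or keys after the holder has been built. If this holder feeds an authorization decision, as its Javadoc suggests, wrapping non-null sets with `Collections.unmodifiableSet(...)` in the constructor would make it effectively immutable. The Javadoc should also say what a null `optimizeForWrite`, `functionIds` or `keySet` means to the consumer, since `isOptimizeForWrite()` returns a nullable `Boolean` and nothing visible here defines that case.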

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/LdapUserAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/LdapUserAuthenticator.java b/geode-core/src/test/java/org/apache/geode/security/templates/LdapUserAuthenticator.java
new file mode 100755
index 0000000..a9e875e
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/LdapUserAuthenticator.java
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.templates;
+
+import java.security.Principal;
+import java.util.Properties;
+import javax.naming.Context;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+
+import org.apache.logging.log4j.Logger;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.Authenticator;
+
+/**
+ * An implementation of {@link Authenticator} that uses LDAP.
+ *
+ * @since GemFire 5.5
+ */
+public class LdapUserAuthenticator implements Authenticator {
+
+  private static final Logger logger = LogService.getLogger();
+
+  public static final String LDAP_SERVER_NAME = "security-ldap-server";
+  public static final String LDAP_BASEDN_NAME = "security-ldap-basedn";
+  public static final String LDAP_SSL_NAME = "security-ldap-usessl";
+
+  private String ldapServer = null;
+  private String baseDomainName = null;
+  private String ldapUrlScheme = null;
+
+  public static Authenticator create() {
+    return new LdapUserAuthenticator();
+  }
+
+  @Override
+  public void init(final Properties securityProps, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
+    logger.info("Initializing LdapUserAuthenticator with {}", securityProps);
+
+    this.ldapServer = securityProps.getProperty(LDAP_SERVER_NAME);
+    if (this.ldapServer == null || this.ldapServer.length() == 0) {
+      throw new AuthenticationFailedException("LdapUserAuthenticator: LDAP server property [" + LDAP_SERVER_NAME + "] not specified");
+    }
+
+    this.baseDomainName = securityProps.getProperty(LDAP_BASEDN_NAME);
+    if (this.baseDomainName == null || this.baseDomainName.length() == 0) {
+      throw new AuthenticationFailedException("LdapUserAuthenticator: LDAP base DN property [" + LDAP_BASEDN_NAME + "] not specified");
+    }
+
+    final String sslName = securityProps.getProperty(LDAP_SSL_NAME);
+    if (sslName != null && sslName.toLowerCase().equals("true")) {
+      this.ldapUrlScheme = "ldaps://";
+    } else {
+      this.ldapUrlScheme = "ldap://";
+    }
+  }
+
+  @Override
+  public Principal authenticate(final Properties credentials, final DistributedMember member) {
+    final String userName = credentials.getProperty(UserPasswordAuthInit.USER_NAME);
+    if (userName == null) {
+      throw new AuthenticationFailedException("LdapUserAuthenticator: user name property [" + UserPasswordAuthInit.USER_NAME + "] not provided");
+    }
+
+    String password = credentials.getProperty(UserPasswordAuthInit.PASSWORD);
+    if (password == null) {
+      password = "";
+    }
+
+    final Properties env = new Properties();
+    env.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.ldap.LdapCtxFactory.class.getName());
+    env.put(Context.PROVIDER_URL, this.ldapUrlScheme + this.ldapServer + '/' + this.baseDomainName);
+    env.put(Context.SECURITY_PRINCIPAL, "uid=" + userName + "," + this.baseDomainName);
+    env.put(Context.SECURITY_CREDENTIALS, password);
+
+    try {
+      final DirContext ctx = new InitialDirContext(env);
+      ctx.close();
+    } catch (Exception e) {
+      throw new AuthenticationFailedException("LdapUserAuthenticator: Failure with provided username, password combination for user name: " + userName, e);
+    }
+
+    return new UsernamePrincipal(userName);
+  }
+
+  @Override
+  public void close() {
+  }
+}
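Review bot: `authenticate()` turns a missing password into `""` and then binds with it; many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind and accept it, in which case `new InitialDirContext(env)` succeeds and the method returns a `UsernamePrincipal` for any user name. Reject it before the bind: `if (password == null || password.isEmpty()) throw new AuthenticationFailedException("LdapUserAuthenticator: password property [" + UserPasswordAuthInit.PASSWORD + "] not provided");`. The bind DN is also built by concatenating `userName` unescaped, so `"uid=" + javax.naming.ldap.Rdn.escapeValue(userName)` is the safer way to form that component. In `init()`, `logger.info("Initializing LdapUserAuthenticator with {}", securityProps)` writes the whole security property set to the log at info level; logging only the server, base DN and SSL flag avoids recording anything else a caller placed in those properties.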

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/PKCSAuthInit.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/PKCSAuthInit.java b/geode-core/src/test/java/org/apache/geode/security/templates/PKCSAuthInit.java
new file mode 100755
index 0000000..f58d305
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/PKCSAuthInit.java
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.templates;
+
+import java.io.FileInputStream;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.Signature;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+
+import org.apache.logging.log4j.Logger;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.security.AuthInitialize;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+
+/**
+ * An {@link AuthInitialize} implementation that obtains the digital signature
+ * for use with PKCS scheme on server from the given set of properties.
+ * 
+ * To use this class the {@code security-client-auth-init} property should be
+ * set to the fully qualified name the static {@code create} function
+ * viz. {@code com.gemstone.gemfire.security.templates.PKCSAuthInit.create}
+ * 
+ * @since GemFire 5.5
+ */
+public class PKCSAuthInit implements AuthInitialize {
+
+  private static final Logger logger = LogService.getLogger();
+
+  public static final String KEYSTORE_FILE_PATH = "security-keystorepath";
+  public static final String KEYSTORE_ALIAS = "security-alias";
+  public static final String KEYSTORE_PASSWORD = "security-keystorepass";
+  public static final String SIGNATURE_DATA = "security-signature";
+
+  protected LogWriter systemLogWriter;
+  protected LogWriter securityLogWriter;
+
+  public static AuthInitialize create() {
+    return new PKCSAuthInit();
+  }
+
+  @Override
+  public void init(final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
+    this.systemLogWriter = systemLogWriter;
+    this.securityLogWriter = securityLogWriter;
+  }
+
+  @Override
+  public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
+    final String keyStorePath = securityProperties.getProperty(KEYSTORE_FILE_PATH);
+    if (keyStorePath == null) {
+      throw new AuthenticationFailedException("PKCSAuthInit: key-store file path property [" + KEYSTORE_FILE_PATH + "] not set.");
+    }
+
+    final String alias = securityProperties.getProperty(KEYSTORE_ALIAS);
+    if (alias == null) {
+      throw new AuthenticationFailedException("PKCSAuthInit: key alias name property [" + KEYSTORE_ALIAS + "] not set.");
+    }
+
+    final String keyStorePass = securityProperties.getProperty(KEYSTORE_PASSWORD);
+
+    try {
+      final KeyStore ks = KeyStore.getInstance("PKCS12");
+      final char[] passPhrase = (keyStorePass != null ? keyStorePass.toCharArray() : null);
+      final FileInputStream certificatefile = new FileInputStream(keyStorePath);
+
+      try {
+        ks.load(certificatefile, passPhrase);
+      } finally {
+        certificatefile.close();
+      }
+
+      final Key key = ks.getKey(alias, passPhrase);
+
+      if (key instanceof PrivateKey) {
+        final PrivateKey privKey = (PrivateKey)key;
+        final X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
+        final Signature sig = Signature.getInstance(cert.getSigAlgName());
+
+        sig.initSign(privKey);
+        sig.update(alias.getBytes("UTF-8"));
+        final byte[] signatureBytes = sig.sign();
+
+        final Properties newprops = new Properties();
+        newprops.put(KEYSTORE_ALIAS, alias);
+        newprops.put(SIGNATURE_DATA, signatureBytes);
+        return newprops;
+
+      } else {
+        throw new AuthenticationFailedException("PKCSAuthInit: " + "Failed to load private key from the given file: " + keyStorePath);
+      }
+
+    } catch (Exception ex) {
+      throw new AuthenticationFailedException("PKCSAuthInit: Exception while getting credentials: " + ex, ex);
+    }
+  }
+
+  @Override
+  public void close() {
+  }
+}
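Review bot: In `getCredentials` the signature is computed over the alias alone (`sig.update(alias.getBytes("UTF-8"))`), with no nonce, timestamp or server identity bound in, so the `security-signature` value is a fixed proof per key and, unless the verifier or the transport prevents it, could be replayed by anyone who observes it. Since this is a template under src/test, I would at least say so in the class Javadoc, e.g. `Template only: the signed data is the alias, so the credential is replayable; use it only over an encrypted, authenticated channel.` Separately, `cert.getSigAlgName()` is the algorithm the issuer used to sign the certificate, which need not match the type of `privKey`, and `ks.getCertificate(alias)` may return null; a guard such as `if (cert == null) throw new AuthenticationFailedException("PKCSAuthInit: no certificate found for alias: " + alias);` would give a clearer failure than the NullPointerException wrapped by the outer catch. The `package com.gemstone.gemfire.security.templates;` line and the Javadoc's `create` reference also no longer match the new `org/apache/geode/...` path, which may be left for a later commit in the series.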



[13/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestCase.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestCase.java
deleted file mode 100644
index c222e6c..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestCase.java
+++ /dev/null
@@ -1,1325 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static com.gemstone.gemfire.internal.AvailablePort.*;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.Host.*;
-import static com.gemstone.gemfire.test.dunit.Wait.*;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Random;
-import java.util.Set;
-import java.util.concurrent.Callable;
-
-import com.gemstone.gemfire.cache.DynamicRegionFactory;
-import com.gemstone.gemfire.cache.InterestResultPolicy;
-import com.gemstone.gemfire.cache.Operation;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.Region.Entry;
-import com.gemstone.gemfire.cache.RegionDestroyedException;
-import com.gemstone.gemfire.cache.client.ServerConnectivityException;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.cache.query.CqAttributes;
-import com.gemstone.gemfire.cache.query.CqAttributesFactory;
-import com.gemstone.gemfire.cache.query.CqEvent;
-import com.gemstone.gemfire.cache.query.CqException;
-import com.gemstone.gemfire.cache.query.CqListener;
-import com.gemstone.gemfire.cache.query.CqQuery;
-import com.gemstone.gemfire.cache.query.QueryInvocationTargetException;
-import com.gemstone.gemfire.cache.query.QueryService;
-import com.gemstone.gemfire.cache.query.SelectResults;
-import com.gemstone.gemfire.cache.query.Struct;
-import com.gemstone.gemfire.internal.AvailablePort.*;
-import com.gemstone.gemfire.internal.AvailablePortHelper;
-import com.gemstone.gemfire.internal.cache.AbstractRegionEntry;
-import com.gemstone.gemfire.internal.cache.LocalRegion;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator.ClassCode;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
-import com.gemstone.gemfire.security.generator.XmlAuthzCredentialGenerator;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.WaitCriterion;
-import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
-
-/**
- * Base class for tests for authorization from client to server. It contains
- * utility functions for the authorization tests from client to server.
- *
- * @since GemFire 5.5
- */
-public abstract class ClientAuthorizationTestCase extends JUnit4DistributedTestCase {
-
-  private static final int PAUSE = 5 * 1000;
-
-  protected static VM server1 = null;
-  protected static VM server2 = null;
-  protected static VM client1 = null;
-  protected static VM client2 = null;
-
-  protected static final String regionName = REGION_NAME; // TODO: remove
-  protected static final String SUBREGION_NAME = "AuthSubregion";
-
-  private static final String[] serverIgnoredExceptions = {
-      "Connection refused",
-      AuthenticationRequiredException.class.getName(),
-      AuthenticationFailedException.class.getName(),
-      NotAuthorizedException.class.getName(),
-      GemFireSecurityException.class.getName(),
-      RegionDestroyedException.class.getName(),
-      ClassNotFoundException.class.getName()
-  };
-
-  private static final String[] clientIgnoredExceptions = {
-      AuthenticationFailedException.class.getName(),
-      NotAuthorizedException.class.getName(),
-      RegionDestroyedException.class.getName()
-  };
-
-  @Override
-  public final void preSetUp() throws Exception {
-  }
-
-  @Override
-  public final void postSetUp() throws Exception {
-    preSetUpClientAuthorizationTestBase();
-    setUpClientAuthorizationTestBase();
-    postSetUpClientAuthorizationTestBase();
-  }
-
-  private final void setUpClientAuthorizationTestBase() throws Exception {
-    server1 = getHost(0).getVM(0);
-    server2 = getHost(0).getVM(1);
-    client1 = getHost(0).getVM(2);
-    client2 = getHost(0).getVM(3);
-    setUpIgnoredExceptions();
-  }
-
-  private final void setUpIgnoredExceptions() {
-    Set<String> serverExceptions = new HashSet<>();
-    serverExceptions.addAll(Arrays.asList(serverIgnoredExceptions()));
-    if (serverExceptions.isEmpty()) {
-      serverExceptions.addAll(Arrays.asList(serverIgnoredExceptions));
-    }
-
-    String[] serverExceptionsArray = serverExceptions.toArray(new String[serverExceptions.size()]);
-    server1.invoke(() -> registerExpectedExceptions(serverExceptionsArray));
-    server2.invoke(() -> registerExpectedExceptions(serverExceptionsArray));
-
-    Set<String> clientExceptions = new HashSet<>();
-    clientExceptions.addAll(Arrays.asList(clientIgnoredExceptions()));
-    if (clientExceptions.isEmpty()) {
-      clientExceptions.addAll(Arrays.asList(clientIgnoredExceptions));
-    }
-
-    String[] clientExceptionsArray = serverExceptions.toArray(new String[clientExceptions.size()]);
-    client2.invoke(() -> registerExpectedExceptions(clientExceptionsArray));
-    registerExpectedExceptions(clientExceptionsArray);
-  }
-
-  protected String[] serverIgnoredExceptions() {
-    return new String[]{};
-  }
-
-  protected String[] clientIgnoredExceptions() {
-    return new String[]{};
-  }
-
-  protected void preSetUpClientAuthorizationTestBase() throws Exception {
-  }
-
-  protected void postSetUpClientAuthorizationTestBase() throws Exception {
-  }
-
-  @Override
-  public final void preTearDown() throws Exception {
-    preTearDownClientAuthorizationTestBase();
-    tearDownClientAuthorizationTestBase();
-    postTearDownClientAuthorizationTestBase();
-  }
-
-  @Override
-  public final void postTearDown() throws Exception {
-  }
-
-  private final void tearDownClientAuthorizationTestBase() throws Exception {
-    // close the clients first
-    client1.invoke(() -> closeCache());
-    client2.invoke(() -> closeCache());
-    // then close the servers
-    server1.invoke(() -> closeCache());
-    server2.invoke(() -> closeCache());
-  }
-
-  protected void preTearDownClientAuthorizationTestBase() throws Exception {
-  }
-
-  protected void postTearDownClientAuthorizationTestBase() throws Exception {
-  }
-
-  protected static Properties buildProperties(final String authenticator, final String accessor, final boolean isAccessorPP, final Properties extraAuthProps, final Properties extraAuthzProps) {
-    Properties authProps = new Properties();
-    if (authenticator != null) {
-      authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR, authenticator);
-    }
-    if (accessor != null) {
-      if (isAccessorPP) {
-        authProps.setProperty(SECURITY_CLIENT_ACCESSOR_PP, accessor);
-      } else {
-        authProps.setProperty(SECURITY_CLIENT_ACCESSOR, accessor);
-      }
-    }
-    return concatProperties(new Properties[] { authProps, extraAuthProps, extraAuthzProps });
-  }
-
-  protected static Integer createCacheServer(int locatorPort, final Properties authProps, final Properties javaProps) {
-    if (locatorPort == 0) {
-      locatorPort = getRandomAvailablePort(SOCKET);
-    }
-    return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, null, 0, true, NO_EXCEPTION);
-  }
-
-  protected static int createCacheServer(int locatorPort, final int serverPort, final Properties authProps, final Properties javaProps) {
-    if (locatorPort == 0) {
-      locatorPort = getRandomAvailablePort(SOCKET);
-    }
-    return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, null, serverPort, true, NO_EXCEPTION);
-  }
-
-  protected static Region getRegion() {
-    return getCache().getRegion(regionName);
-  }
-
-  protected static Region getSubregion() {
-    return getCache().getRegion(regionName + '/' + SUBREGION_NAME);
-  }
-
-  private static Region createSubregion(final Region region) {
-    Region subregion = getSubregion();
-    if (subregion == null) {
-      subregion = region.createSubregion(SUBREGION_NAME, region.getAttributes());
-    }
-    return subregion;
-  }
-
-  protected static String indicesToString(final int[] indices) {
-    String str = "";
-    if (indices != null && indices.length > 0) {
-      str += indices[0];
-      for (int index = 1; index < indices.length; ++index) {
-        str += ",";
-        str += indices[index];
-      }
-    }
-    return str;
-  }
-
-  protected static void doOp(OperationCode op, final int[] indices, final int flagsI, final int expectedResult) throws InterruptedException {
-    boolean operationOmitted = false;
-    final int flags = flagsI;
-    Region region = getRegion();
-
-    if ((flags & OpFlags.USE_SUBREGION) > 0) {
-      assertNotNull(region);
-      Region subregion = null;
-
-      if ((flags & OpFlags.NO_CREATE_SUBREGION) > 0) {
-        if ((flags & OpFlags.CHECK_NOREGION) > 0) {
-          // Wait for some time for DRF update to come
-          waitForCondition(() -> getSubregion() == null);
-          subregion = getSubregion();
-          assertNull(subregion);
-          return;
-
-        } else {
-          // Wait for some time for DRF update to come
-          waitForCondition(() -> getSubregion() != null);
-          subregion = getSubregion();
-          assertNotNull(subregion);
-        }
-
-      } else {
-        subregion = createSubregion(region);
-      }
-
-      assertNotNull(subregion);
-      region = subregion;
-
-    } else if ((flags & OpFlags.CHECK_NOREGION) > 0) {
-      // Wait for some time for region destroy update to come
-      waitForCondition(() -> getRegion() == null);
-      region = getRegion();
-      assertNull(region);
-      return;
-
-    } else {
-      assertNotNull(region);
-    }
-
-    final String[] keys = KEYS;
-    final String[] vals;
-    if ((flags & OpFlags.USE_NEWVAL) > 0) {
-      vals = NVALUES;
-    }
-    else {
-      vals = VALUES;
-    }
-
-    InterestResultPolicy policy = InterestResultPolicy.KEYS_VALUES;
-    if ((flags & OpFlags.REGISTER_POLICY_NONE) > 0) {
-      policy = InterestResultPolicy.NONE;
-    }
-
-    final int numOps = indices.length;
-    System.out.println("Got doOp for op: " + op.toString() + ", numOps: " + numOps + ", indices: " + indicesToString(indices) + ", expect: " + expectedResult);
-    boolean exceptionOccured = false;
-    boolean breakLoop = false;
-
-    if (op.isGet() || op.isContainsKey() || op.isKeySet() || op.isQuery() || op.isExecuteCQ()) {
-      Thread.sleep(PAUSE);
-    }
-
-    for (int indexIndex = 0; indexIndex < numOps; ++indexIndex) {
-      if (breakLoop) {
-        break;
-      }
-      int index = indices[indexIndex];
-
-      try {
-        final Object key = keys[index];
-        final Object expectedVal = vals[index];
-
-        if (op.isGet()) {
-          Object value = null;
-          // this is the case for testing GET_ALL
-          if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
-            breakLoop = true;
-            List keyList = new ArrayList(numOps);
-            Object searchKey;
-
-            for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
-              int keyNum = indices[keyNumIndex];
-              searchKey = keys[keyNum];
-              keyList.add(searchKey);
-
-              // local invalidate some KEYS to force fetch of those KEYS from server
-              if ((flags & OpFlags.CHECK_NOKEY) > 0) {
-                AbstractRegionEntry entry = (AbstractRegionEntry)((LocalRegion)region).getRegionEntry(searchKey);
-                System.out.println(""+keyNum+": key is " + searchKey + " and entry is " + entry);
-                assertFalse(region.containsKey(searchKey));
-              } else {
-                if (keyNumIndex % 2 == 1) {
-                  assertTrue(region.containsKey(searchKey));
-                  region.localInvalidate(searchKey);
-                }
-              }
-            }
-
-            Map entries = region.getAll(keyList);
-
-            for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
-              int keyNum = indices[keyNumIndex];
-              searchKey = keys[keyNum];
-              if ((flags & OpFlags.CHECK_FAIL) > 0) {
-                assertFalse(entries.containsKey(searchKey));
-              } else {
-                assertTrue(entries.containsKey(searchKey));
-                value = entries.get(searchKey);
-                assertEquals(vals[keyNum], value);
-              }
-            }
-
-            break;
-          }
-
-          if ((flags & OpFlags.LOCAL_OP) > 0) {
-            Callable<Boolean> condition = new Callable<Boolean>() {
-              private Region region;
-
-              @Override
-              public Boolean call() throws Exception {
-                Object value = getLocalValue(region, key);
-                return (flags & OpFlags.CHECK_FAIL) > 0 ? !expectedVal.equals(value) : expectedVal.equals(value);
-              }
-
-              public Callable<Boolean> init(Region region) {
-                this.region = region;
-                return this;
-              }
-            }.init(region);
-            waitForCondition(condition);
-
-            value = getLocalValue(region, key);
-
-          } else if ((flags & OpFlags.USE_GET_ENTRY_IN_TX) > 0) {
-            getCache().getCacheTransactionManager().begin();
-            Entry e = region.getEntry(key);
-
-            // Also, check getAll()
-            ArrayList a = new ArrayList();
-            a.addAll(a);
-            region.getAll(a);
-
-            getCache().getCacheTransactionManager().commit();
-            value = e.getValue();
-
-          } else {
-            if ((flags & OpFlags.CHECK_NOKEY) > 0) {
-              assertFalse(region.containsKey(key));
-            } else {
-              assertTrue(region.containsKey(key) || ((LocalRegion)region).getRegionEntry(key).isTombstone());
-              region.localInvalidate(key);
-            }
-            value = region.get(key);
-          }
-
-          if ((flags & OpFlags.CHECK_FAIL) > 0) {
-            assertFalse(expectedVal.equals(value));
-          } else {
-            assertNotNull(value);
-            assertEquals(expectedVal, value);
-          }
-
-        } else if (op.isPut()) {
-          region.put(key, expectedVal);
-
-        } else if (op.isPutAll()) {
-          HashMap map = new HashMap();
-          for (int i=0; i<indices.length; i++) {
-            map.put(keys[indices[i]], vals[indices[i]]);
-          }
-          region.putAll(map);
-          breakLoop = true;
-
-        } else if (op.isDestroy()) {
-          // if (!region.containsKey(key)) {
-          // // Since DESTROY will fail unless the value is present
-          // // in the local cache, this is a workaround for two cases:
-          // // 1. When the operation is supposed to succeed then in
-          // // the current AuthzCredentialGenerators the clients having
-          // // DESTROY permission also has CREATE/UPDATE permission
-          // // so that calling region.put() will work for that case.
-          // // 2. When the operation is supposed to fail with
-          // // NotAuthorizedException then in the current
-          // // AuthzCredentialGenerators the clients not
-          // // having DESTROY permission are those with reader role that have
-          // // GET permission.
-          // //
-          // // If either of these assumptions fails, then this has to be
-          // // adjusted or reworked accordingly.
-          // if ((flags & OpFlags.CHECK_NOTAUTHZ) > 0) {
-          // Object value = region.get(key);
-          // assertNotNull(value);
-          // assertIndexDetailsEquals(vals[index], value);
-          // }
-          // else {
-          // region.put(key, vals[index]);
-          // }
-          // }
-          if ((flags & OpFlags.LOCAL_OP) > 0) {
-            region.localDestroy(key);
-          }
-          else {
-            region.destroy(key);
-          }
-
-        } else if (op.isInvalidate()) {
-          if (region.containsKey(key)) {
-            if ((flags & OpFlags.LOCAL_OP) > 0) {
-              region.localInvalidate(key);
-            } else {
-              region.invalidate(key);
-            }
-          }
-
-        } else if (op.isContainsKey()) {
-          boolean result;
-          if ((flags & OpFlags.LOCAL_OP) > 0) {
-            result = region.containsKey(key);
-          } else {
-            result = region.containsKeyOnServer(key);
-          }
-          if ((flags & OpFlags.CHECK_FAIL) > 0) {
-            assertFalse(result);
-          } else {
-            assertTrue(result);
-          }
-
-        } else if (op.isRegisterInterest()) {
-          if ((flags & OpFlags.USE_LIST) > 0) {
-            breakLoop = true;
-            // Register interest list in this case
-            List keyList = new ArrayList(numOps);
-            for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
-              int keyNum = indices[keyNumIndex];
-              keyList.add(keys[keyNum]);
-            }
-            region.registerInterest(keyList, policy);
-
-          } else if ((flags & OpFlags.USE_REGEX) > 0) {
-            breakLoop = true;
-            region.registerInterestRegex("key[1-" + numOps + ']', policy);
-
-          } else if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
-            breakLoop = true;
-            region.registerInterest("ALL_KEYS", policy);
-
-          } else {
-            region.registerInterest(key, policy);
-          }
-
-        } else if (op.isUnregisterInterest()) {
-          if ((flags & OpFlags.USE_LIST) > 0) {
-            breakLoop = true;
-            // Register interest list in this case
-            List keyList = new ArrayList(numOps);
-            for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
-              int keyNum = indices[keyNumIndex];
-              keyList.add(keys[keyNum]);
-            }
-            region.unregisterInterest(keyList);
-
-          } else if ((flags & OpFlags.USE_REGEX) > 0) {
-            breakLoop = true;
-            region.unregisterInterestRegex("key[1-" + numOps + ']');
-
-          } else if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
-            breakLoop = true;
-            region.unregisterInterest("ALL_KEYS");
-
-          } else {
-            region.unregisterInterest(key);
-          }
-
-        } else if (op.isKeySet()) {
-          breakLoop = true;
-          Set keySet;
-          if ((flags & OpFlags.LOCAL_OP) > 0) {
-            keySet = region.keySet();
-          } else {
-            keySet = region.keySetOnServer();
-          }
-
-          assertNotNull(keySet);
-          if ((flags & OpFlags.CHECK_FAIL) == 0) {
-            assertEquals(numOps, keySet.size());
-          }
-          for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
-            int keyNum = indices[keyNumIndex];
-            if ((flags & OpFlags.CHECK_FAIL) > 0) {
-              assertFalse(keySet.contains(keys[keyNum]));
-            } else {
-              assertTrue(keySet.contains(keys[keyNum]));
-            }
-          }
-
-        } else if (op.isQuery()) {
-          breakLoop = true;
-          SelectResults queryResults = region.query("SELECT DISTINCT * FROM " + region.getFullPath());
-          assertNotNull(queryResults);
-          Set queryResultSet = queryResults.asSet();
-          if ((flags & OpFlags.CHECK_FAIL) == 0) {
-            assertEquals(numOps, queryResultSet.size());
-          }
-          for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
-            int keyNum = indices[keyNumIndex];
-            if ((flags & OpFlags.CHECK_FAIL) > 0) {
-              assertFalse(queryResultSet.contains(vals[keyNum]));
-            } else {
-              assertTrue(queryResultSet.contains(vals[keyNum]));
-            }
-          }
-
-        } else if (op.isExecuteCQ()) {
-          breakLoop = true;
-          QueryService queryService = getCache().getQueryService();
-          CqQuery cqQuery;
-          if ((cqQuery = queryService.getCq("cq1")) == null) {
-            CqAttributesFactory cqFact = new CqAttributesFactory();
-            cqFact.addCqListener(new AuthzCqListener());
-            CqAttributes cqAttrs = cqFact.create();
-            cqQuery = queryService.newCq("cq1", "SELECT * FROM " + region.getFullPath(), cqAttrs);
-          }
-
-          if ((flags & OpFlags.LOCAL_OP) > 0) {
-            // Interpret this as testing results using CqListener
-            final AuthzCqListener listener = (AuthzCqListener)cqQuery.getCqAttributes().getCqListener();
-            WaitCriterion ev = new WaitCriterion() {
-              @Override
-              public boolean done() {
-                if ((flags & OpFlags.CHECK_FAIL) > 0) {
-                  return 0 == listener.getNumUpdates();
-                } else {
-                  return numOps == listener.getNumUpdates();
-                }
-              }
-              @Override
-              public String description() {
-                return null;
-              }
-            };
-            waitForCriterion(ev, 3 * 1000, 200, true);
-
-            if ((flags & OpFlags.CHECK_FAIL) > 0) {
-              assertEquals(0, listener.getNumUpdates());
-            } else {
-              assertEquals(numOps, listener.getNumUpdates());
-              listener.checkPuts(vals, indices);
-            }
-
-            assertEquals(0, listener.getNumCreates());
-            assertEquals(0, listener.getNumDestroys());
-            assertEquals(0, listener.getNumOtherOps());
-            assertEquals(0, listener.getNumErrors());
-
-          } else {
-            SelectResults cqResults = cqQuery.executeWithInitialResults();
-            assertNotNull(cqResults);
-            Set cqResultValues = new HashSet();
-            for (Object o : cqResults.asList()) {
-              Struct s = (Struct)o;
-              cqResultValues.add(s.get("value"));
-            }
-
-            Set cqResultSet = cqResults.asSet();
-            if ((flags & OpFlags.CHECK_FAIL) == 0) {
-              assertEquals(numOps, cqResultSet.size());
-            }
-
-            for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
-              int keyNum = indices[keyNumIndex];
-              if ((flags & OpFlags.CHECK_FAIL) > 0) {
-                assertFalse(cqResultValues.contains(vals[keyNum]));
-              } else {
-                assertTrue(cqResultValues.contains(vals[keyNum]));
-              }
-            }
-          }
-
-        } else if (op.isStopCQ()) {
-          breakLoop = true;
-          CqQuery cqQuery = getCache().getQueryService().getCq("cq1");
-          ((AuthzCqListener)cqQuery.getCqAttributes().getCqListener()).reset();
-          cqQuery.stop();
-
-        } else if (op.isCloseCQ()) {
-          breakLoop = true;
-          CqQuery cqQuery = getCache().getQueryService().getCq("cq1");
-          ((AuthzCqListener)cqQuery.getCqAttributes().getCqListener()).reset();
-          cqQuery.close();
-
-        } else if (op.isRegionClear()) {
-          breakLoop = true;
-          if ((flags & OpFlags.LOCAL_OP) > 0) {
-            region.localClear();
-          } else {
-            region.clear();
-          }
-
-        } else if (op.isRegionCreate()) {
-          breakLoop = true;
-          // Region subregion = createSubregion(region);
-          // subregion.createRegionOnServer();
-          // Create region on server using the DynamicRegionFactory
-          // Assume it has been already initialized
-          DynamicRegionFactory drf = DynamicRegionFactory.get();
-          Region subregion = drf.createDynamicRegion(regionName, SUBREGION_NAME);
-          assertEquals('/' + regionName + '/' + SUBREGION_NAME, subregion.getFullPath());
-
-        } else if (op.isRegionDestroy()) {
-          breakLoop = true;
-          if ((flags & OpFlags.LOCAL_OP) > 0) {
-            region.localDestroyRegion();
-
-          } else {
-            if ((flags & OpFlags.USE_SUBREGION) > 0) {
-              try {
-                DynamicRegionFactory.get().destroyDynamicRegion(region.getFullPath());
-              } catch (RegionDestroyedException ex) {
-                // harmless to ignore this
-                System.out.println("doOp: sub-region " + region.getFullPath() + " already destroyed");
-                operationOmitted = true;
-              }
-            } else {
-              region.destroyRegion();
-            }
-          }
-
-        } else {
-          fail("doOp: Unhandled operation " + op);
-        }
-
-        if (expectedResult != NO_EXCEPTION) {
-          if (!operationOmitted && !op.isUnregisterInterest()) {
-            fail("Expected an exception while performing operation op =" + op + "flags = " + OpFlags.description(flags));
-          }
-        }
-
-      } catch (Exception ex) {
-        exceptionOccured = true;
-        if ((ex instanceof ServerConnectivityException || ex instanceof QueryInvocationTargetException || ex instanceof CqException)
-            && (expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
-          System.out.println("doOp: Got expected NotAuthorizedException when doing operation [" + op + "] with flags " + OpFlags.description(flags) + ": " + ex.getCause());
-          continue;
-        } else if (expectedResult == OTHER_EXCEPTION) {
-          System.out.println("doOp: Got expected exception when doing operation: " + ex.toString());
-          continue;
-        } else {
-          fail("doOp: Got unexpected exception when doing operation. Policy = " + policy + " flags = " + OpFlags.description(flags), ex);
-        }
-      }
-    }
-    if (!exceptionOccured && !operationOmitted && expectedResult != NO_EXCEPTION) {
-      fail("Expected an exception while performing operation: " + op + " flags = " + OpFlags.description(flags));
-    }
-  }
-
-  protected void executeOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final TestCredentialGenerator credentialGenerator, final Random random) throws InterruptedException {
-    for (Iterator<OperationWithAction> opIter = opBlock.iterator(); opIter.hasNext();) {
-      // Start client with valid credentials as specified in OperationWithAction
-      OperationWithAction currentOp = opIter.next();
-      OperationCode opCode = currentOp.getOperationCode();
-      int opFlags = currentOp.getFlags();
-      int clientNum = currentOp.getClientNum();
-      VM clientVM = null;
-      boolean useThisVM = false;
-
-      switch (clientNum) {
-        case 1:
-          clientVM = client1;
-          break;
-        case 2:
-          clientVM = client2;
-          break;
-        case 3:
-          useThisVM = true;
-          break;
-        default:
-          fail("executeOpBlock: Unknown client number " + clientNum);
-          break;
-      }
-
-      System.out.println("executeOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);
-      if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
-        Properties opCredentials;
-        int newRnd = random.nextInt(100) + 1;
-        String currentRegionName = '/' + regionName;
-        if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
-          currentRegionName += ('/' + SUBREGION_NAME);
-        }
-
-        String credentialsTypeStr;
-        OperationCode authOpCode = currentOp.getAuthzOperationCode();
-        int[] indices = currentOp.getIndices();
-        CredentialGenerator cGen = credentialGenerator.getCredentialGenerator();
-        final Properties javaProps = cGen == null ? null : cGen.getJavaProperties();
-
-        if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0) {
-          opCredentials = credentialGenerator.getDisallowedCredentials(new OperationCode[] { authOpCode }, new String[] { currentRegionName }, indices, newRnd);
-          credentialsTypeStr = " unauthorized " + authOpCode;
-        } else {
-          opCredentials = credentialGenerator.getAllowedCredentials(new OperationCode[] { opCode, authOpCode }, new String[] { currentRegionName }, indices, newRnd);
-          credentialsTypeStr = " authorized " + authOpCode;
-        }
-
-        Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
-        // Start the client with valid credentials but allowed or disallowed to perform an operation
-        System.out.println("executeOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
-        boolean setupDynamicRegionFactory = (opFlags & OpFlags.ENABLE_DRF) > 0;
-
-        if (useThisVM) {
-          SecurityTestUtils.createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION);
-        } else {
-          clientVM.invoke("SecurityTestUtils.createCacheClientWithDynamicRegion",
-              () -> SecurityTestUtils.createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION));
-        }
-      }
-
-      int expectedResult;
-      if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
-        expectedResult = NOTAUTHZ_EXCEPTION;
-      } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
-        expectedResult = OTHER_EXCEPTION;
-      } else {
-        expectedResult = NO_EXCEPTION;
-      }
-
-      // Perform the operation from selected client
-      if (useThisVM) {
-        doOp(opCode, currentOp.getIndices(), new Integer(opFlags), new Integer(expectedResult));
-      } else {
-        int[] indices = currentOp.getIndices();
-        clientVM.invoke("ClientAuthorizationTestCase.doOp",
-            () -> ClientAuthorizationTestCase.doOp( opCode, indices, new Integer(opFlags), new Integer(expectedResult) ));
-      }
-    }
-  }
-
-  protected AuthzCredentialGenerator getXmlAuthzGenerator(){
-    AuthzCredentialGenerator authzGen = new XmlAuthzCredentialGenerator();
-    CredentialGenerator cGen = new DummyCredentialGenerator();
-    cGen.init();
-    authzGen.init(cGen);
-    return authzGen;
-  }
-
-  protected List<AuthzCredentialGenerator> getDummyGeneratorCombos() {
-    List<AuthzCredentialGenerator> generators = new ArrayList<>();
-    Iterator authzCodeIter = AuthzCredentialGenerator.ClassCode.getAll().iterator();
-
-    while (authzCodeIter.hasNext()) {
-      ClassCode authzClassCode = (ClassCode) authzCodeIter.next();
-      AuthzCredentialGenerator authzGen = AuthzCredentialGenerator.create(authzClassCode);
-
-      if (authzGen != null) {
-        CredentialGenerator cGen = new DummyCredentialGenerator();
-        cGen.init();
-        if (authzGen.init(cGen)) {
-          generators.add(authzGen);
-        }
-      }
-    }
-
-    assertTrue(generators.size() > 0);
-    return generators;
-  }
-
-  protected void runOpsWithFailOver(final OperationWithAction[] opCodes, final String testName) throws InterruptedException {
-    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
-    CredentialGenerator cGen = gen.getCredentialGenerator();
-    Properties extraAuthProps = cGen.getSystemProperties();
-    Properties javaProps = cGen.getJavaProperties();
-    Properties extraAuthzProps = gen.getSystemProperties();
-    String authenticator = cGen.getAuthenticator();
-    String authInit = cGen.getAuthInit();
-    String accessor = gen.getAuthorizationCallback();
-    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
-
-    System.out.println(testName + ": Using authinit: " + authInit);
-    System.out.println(testName + ": Using authenticator: " + authenticator);
-    System.out.println(testName + ": Using accessor: " + accessor);
-
-    // Start servers with all required properties
-    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
-    // Get ports for the servers
-    List<Keeper> randomAvailableTCPPortKeepers = AvailablePortHelper.getRandomAvailableTCPPortKeepers(4);
-    Keeper locator1PortKeeper = randomAvailableTCPPortKeepers.get(0);
-    Keeper locator2PortKeeper = randomAvailableTCPPortKeepers.get(1);
-    Keeper port1Keeper = randomAvailableTCPPortKeepers.get(2);
-    Keeper port2Keeper = randomAvailableTCPPortKeepers.get(3);
-    int locator1Port = locator1PortKeeper.getPort();
-    int locator2Port = locator2PortKeeper.getPort();
-    int port1 = port1Keeper.getPort();
-    int port2 = port2Keeper.getPort();
-
-    // Perform all the ops on the clients
-    List opBlock = new ArrayList();
-    Random rnd = new Random();
-
-    for (int opNum = 0; opNum < opCodes.length; ++opNum) {
-      // Start client with valid credentials as specified in OperationWithAction
-      OperationWithAction currentOp = opCodes[opNum];
-
-      if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
-        // End of current operation block; execute all the operations on the servers with/without failover
-        if (opBlock.size() > 0) {
-          locator1PortKeeper.release();
-          port1Keeper.release();
-
-          // Start the first server and execute the operation block
-          server1.invoke("createCacheServer", () -> ClientAuthorizationTestCase.createCacheServer(locator1Port, port1, serverProps, javaProps ));
-          server2.invoke("closeCache", () -> closeCache());
-
-          executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
-
-          if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
-            // Failover to the second server and run the block again
-            locator2PortKeeper.release();
-            port2Keeper.release();
-
-            server2.invoke("createCacheServer", () -> ClientAuthorizationTestCase.createCacheServer(locator2Port, port2, serverProps, javaProps ));
-            server1.invoke("closeCache", () -> closeCache());
-
-            executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
-          }
-          opBlock.clear();
-        }
-
-      } else {
-        currentOp.setOpNum(opNum);
-        opBlock.add(currentOp);
-      }
-    }
-  }
-
-  /**
-   * Implements the {@link CqListener} interface and counts the number of
-   * different operations and also queues up the received updates to precise
-   * checking of each update.
-   *
-   * @since GemFire 5.5
-   */
-  private static class AuthzCqListener implements CqListener {
-
-    private List<CqEvent> eventList;
-    private int numCreates;
-    private int numUpdates;
-    private int numDestroys;
-    private int numOtherOps;
-    private int numErrors;
-
-    public AuthzCqListener() {
-      this.eventList = new ArrayList<>();
-      reset();
-    }
-
-    public void reset() {
-      this.eventList.clear();
-      this.numCreates = 0;
-      this.numUpdates = 0;
-      this.numErrors = 0;
-    }
-
-    public void onEvent(final CqEvent aCqEvent) {
-      Operation op = aCqEvent.getBaseOperation();
-      if (op.isCreate()) {
-        ++this.numCreates;
-      } else if (op.isUpdate()) {
-        ++this.numUpdates;
-      } else if (op.isDestroy()) {
-        ++this.numDestroys;
-      } else {
-        ++this.numOtherOps;
-      }
-      eventList.add(aCqEvent);
-    }
-
-    public void onError(final CqEvent aCqEvent) {
-      ++this.numErrors;
-    }
-
-    public void close() {
-      this.eventList.clear();
-    }
-
-    public int getNumCreates() {
-      return this.numCreates;
-    }
-
-    public int getNumUpdates() {
-      return this.numUpdates;
-    }
-
-    public int getNumDestroys() {
-      return this.numDestroys;
-    }
-
-    public int getNumOtherOps() {
-      return this.numOtherOps;
-    }
-
-    public int getNumErrors() {
-      return this.numErrors;
-    }
-
-    public void checkPuts(final String[] vals, final int[] indices) {
-      for (int indexIndex = 0; indexIndex < indices.length; ++indexIndex) {
-        int index = indices[indexIndex];
-        boolean foundKey = false;
-
-        for (Iterator<CqEvent> eventIter = this.eventList.iterator(); eventIter.hasNext();) {
-          CqEvent event = (CqEvent)eventIter.next();
-          if (KEYS[index].equals(event.getKey())) {
-            assertEquals(vals[index], event.getNewValue());
-            foundKey = true;
-            break;
-          }
-        }
-
-        assertTrue(foundKey);
-      }
-    }
-  }
-
-  /**
-   * This class specifies flags that can be used to alter the behaviour of
-   * operations being performed by the <code>doOp</code> function.
-   *
-   * @since GemFire 5.5
-   */
-  protected static class OpFlags {
-
-    /**
-     * Default behaviour.
-     */
-    public static final int NONE = 0x0;
-
-    /**
-     * Check that the operation should fail.
-     */
-    public static final int CHECK_FAIL = 0x1;
-
-    /**
-     * Check that the operation should throw <code>NotAuthorizedException</code>.
-     */
-    public static final int CHECK_NOTAUTHZ = 0x2;
-
-    /**
-     * Check that the region should not be available.
-     */
-    public static final int CHECK_NOREGION = 0x4;
-
-    /**
-     * Check that the operation should throw an exception other than the
-     * <code>NotAuthorizedException</code>.
-     */
-    public static final int CHECK_EXCEPTION = 0x8;
-
-    /**
-     * Check for nvalues[] instead of values[].
-     */
-    public static final int USE_NEWVAL = 0x10;
-
-    /**
-     * Register all KEYS. For GET operations indicates using getAll().
-     */
-    public static final int USE_ALL_KEYS = 0x20;
-
-    /**
-     * Register a regular expression.
-     */
-    public static final int USE_REGEX = 0x40;
-
-    /**
-     * Register a list of KEYS.
-     */
-    public static final int USE_LIST = 0x80;
-
-    /**
-     * Perform the local version of the operation.
-     */
-    public static final int LOCAL_OP = 0x100;
-
-    /**
-     * Check that the key for the operation should not be present.
-     */
-    public static final int CHECK_NOKEY = 0x200;
-
-    /**
-     * Use the sub-region for performing the operation.
-     */
-    public static final int USE_SUBREGION = 0x400;
-
-    /**
-     * Do not try to create the sub-region.
-     */
-    public static final int NO_CREATE_SUBREGION = 0x800;
-
-    /**
-     * Do not re-connect using new credentials rather use the previous
-     * connection.
-     */
-    public static final int USE_OLDCONN = 0x1000;
-
-    /**
-     * Do the connection with unauthorized credentials but do not check that the
-     * operation throws <code>NotAuthorizedException</code>.
-     */
-    public static final int USE_NOTAUTHZ = 0x2000;
-
-    /**
-     * Enable {@link DynamicRegionFactory} on the client.
-     */
-    public static final int ENABLE_DRF = 0x4000;
-
-    /**
-     * Use the {@link InterestResultPolicy#NONE} for register interest.
-     */
-    public static final int REGISTER_POLICY_NONE = 0x8000;
-    
-    /**
-     * Use the {@link LocalRegion#getEntry} under transaction.
-     */
-    public static final int USE_GET_ENTRY_IN_TX = 0x10000;
-
-    public static String description(int f) {
-      StringBuffer sb = new StringBuffer();
-      sb.append("[");
-      if ((f & CHECK_FAIL) != 0) {
-        sb.append("CHECK_FAIL,");
-      }
-      if ((f & CHECK_NOTAUTHZ) != 0) {
-        sb.append("CHECK_NOTAUTHZ,");
-      }
-      if ((f & CHECK_NOREGION) != 0) {
-        sb.append("CHECK_NOREGION,");
-      }
-      if ((f & CHECK_EXCEPTION) != 0) {
-        sb.append("CHECK_EXCEPTION,");
-      }
-      if ((f & USE_NEWVAL) != 0) {
-        sb.append("USE_NEWVAL,");
-      }
-      if ((f & USE_ALL_KEYS) != 0) {
-        sb.append("USE_ALL_KEYS,");
-      }
-      if ((f & USE_REGEX) != 0) {
-        sb.append("USE_REGEX,");
-      }
-      if ((f & USE_LIST) != 0) {
-        sb.append("USE_LIST,");
-      }
-      if ((f & LOCAL_OP) != 0) {
-        sb.append("LOCAL_OP,");
-      }
-      if ((f & CHECK_NOKEY) != 0) {
-        sb.append("CHECK_NOKEY,");
-      }
-      if ((f & USE_SUBREGION) != 0) {
-        sb.append("USE_SUBREGION,");
-      }
-      if ((f & NO_CREATE_SUBREGION) != 0) {
-        sb.append("NO_CREATE_SUBREGION,");
-      }
-      if ((f & USE_OLDCONN) != 0) {
-        sb.append("USE_OLDCONN,");
-      }
-      if ((f & USE_NOTAUTHZ) != 0) {
-        sb.append("USE_NOTAUTHZ");
-      }
-      if ((f & ENABLE_DRF) != 0) {
-        sb.append("ENABLE_DRF,");
-      }
-      if ((f & REGISTER_POLICY_NONE) != 0) {
-        sb.append("REGISTER_POLICY_NONE,");
-      }
-      sb.append("]");
-      return sb.toString();
-    }
-  }
-
-  /**
-   * This class encapsulates an {@link OperationCode} with associated flags, the
-   * client to perform the operation, and the number of operations to perform.
-   *
-   * @since GemFire 5.5
-   */
-  protected static class OperationWithAction {
-
-    /**
-     * The operation to be performed.
-     */
-    private OperationCode opCode;
-
-    /**
-     * The operation for which authorized or unauthorized credentials have to be
-     * generated. This is the same as {@link #opCode} when not specified.
-     */
-    private OperationCode authzOpCode;
-
-    /**
-     * The client number on which the operation has to be performed.
-     */
-    private int clientNum;
-
-    /**
-     * Bitwise or'd {@link OpFlags} integer to change/specify the behaviour of the operations.
-     */
-    private int flags;
-
-    /**
-     * Indices of the KEYS array to be used for operations.
-     */
-    private int[] indices;
-
-    /**
-     * An index for the operation used for logging.
-     */
-    private int opNum;
-
-    /**
-     * Indicates end of an operation block which can be used for testing with failover
-     */
-    public static final OperationWithAction OPBLOCK_END = new OperationWithAction(null, 4);
-
-    /**
-     * Indicates end of an operation block which should not be used for testing with failover
-     */
-    public static final OperationWithAction OPBLOCK_NO_FAILOVER = new OperationWithAction(null, 5);
-
-    private void setIndices(int numOps) {
-      this.indices = new int[numOps];
-      for (int index = 0; index < numOps; ++index) {
-        this.indices[index] = index;
-      }
-    }
-
-    public OperationWithAction(final OperationCode opCode) {
-      this.opCode = opCode;
-      this.authzOpCode = opCode;
-      this.clientNum = 1;
-      this.flags = OpFlags.NONE;
-      setIndices(4);
-      this.opNum = 0;
-    }
-
-    public OperationWithAction(final OperationCode opCode, final int clientNum) {
-      this.opCode = opCode;
-      this.authzOpCode = opCode;
-      this.clientNum = clientNum;
-      this.flags = OpFlags.NONE;
-      setIndices(4);
-      this.opNum = 0;
-    }
-
-    public OperationWithAction(final OperationCode opCode, final int clientNum, final int flags, final int numOps) {
-      this.opCode = opCode;
-      this.authzOpCode = opCode;
-      this.clientNum = clientNum;
-      this.flags = flags;
-      setIndices(numOps);
-      this.opNum = 0;
-    }
-
-    public OperationWithAction(final OperationCode opCode, final OperationCode deniedOpCode, final int clientNum, final int flags, final int numOps) {
-      this.opCode = opCode;
-      this.authzOpCode = deniedOpCode;
-      this.clientNum = clientNum;
-      this.flags = flags;
-      setIndices(numOps);
-      this.opNum = 0;
-    }
-
-    public OperationWithAction(final OperationCode opCode, final int clientNum, final int flags, final int[] indices) {
-      this.opCode = opCode;
-      this.authzOpCode = opCode;
-      this.clientNum = clientNum;
-      this.flags = flags;
-      this.indices = indices;
-      this.opNum = 0;
-    }
-
-    public OperationWithAction(final OperationCode opCode, final OperationCode deniedOpCode, final int clientNum, final int flags, final int[] indices) {
-      this.opCode = opCode;
-      this.authzOpCode = deniedOpCode;
-      this.clientNum = clientNum;
-      this.flags = flags;
-      this.indices = indices;
-      this.opNum = 0;
-    }
-
-    public OperationCode getOperationCode() {
-      return this.opCode;
-    }
-
-    public OperationCode getAuthzOperationCode() {
-      return this.authzOpCode;
-    }
-
-    public int getClientNum() {
-      return this.clientNum;
-    }
-
-    public int getFlags() {
-      return this.flags;
-    }
-
-    public int[] getIndices() {
-      return this.indices;
-    }
-
-    public int getOpNum() {
-      return this.opNum;
-    }
-
-    public void setOpNum(int opNum) {
-      this.opNum = opNum;
-    }
-
-    @Override
-    public String toString() {
-      return "opCode:" + this.opCode + ",authOpCode:" + this.authzOpCode + ",clientNum:" + this.clientNum + ",flags:" + this.flags + ",numOps:" + this.indices.length + ",indices:" + indicesToString(this.indices);
-    }
-  }
-
-  /**
-   * Simple interface to generate credentials with authorization based on key
-   * indices also. This is utilized by the post-operation authorization tests
-   * where authorization is based on key indices.
-   *
-   * @since GemFire 5.5
-   */
-  protected interface TestCredentialGenerator {
-
-    /**
-     * Get allowed credentials for the given set of operations in the given
-     * regions and indices of KEYS in the <code>KEYS</code> array
-     */
-    public Properties getAllowedCredentials(OperationCode[] opCodes, String[] regionNames, int[] keyIndices, int num);
-
-    /**
-     * Get disallowed credentials for the given set of operations in the given
-     * regions and indices of KEYS in the <code>KEYS</code> array
-     */
-    public Properties getDisallowedCredentials(OperationCode[] opCodes, String[] regionNames, int[] keyIndices, int num);
-
-    /**
-     * Get the {@link CredentialGenerator} if any.
-     */
-    public CredentialGenerator getCredentialGenerator();
-  }
-
-  /**
-   * Contains a {@link AuthzCredentialGenerator} and implements the
-   * {@link TestCredentialGenerator} interface.
-   *
-   * @since GemFire 5.5
-   */
-  protected static class TestAuthzCredentialGenerator implements TestCredentialGenerator {
-
-    private AuthzCredentialGenerator authzGen;
-
-    public TestAuthzCredentialGenerator(final AuthzCredentialGenerator authzGen) {
-      this.authzGen = authzGen;
-    }
-
-    public Properties getAllowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int[] keyIndices, final int num) {
-      return this.authzGen.getAllowedCredentials(opCodes, regionNames, num);
-    }
-
-    public Properties getDisallowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int[] keyIndices, final int num) {
-      return this.authzGen.getDisallowedCredentials(opCodes, regionNames, num);
-    }
-
-    public CredentialGenerator getCredentialGenerator() {
-      return authzGen.getCredentialGenerator();
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
deleted file mode 100644
index 38f9988..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
+++ /dev/null
@@ -1,345 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-
-import java.util.Iterator;
-import java.util.Properties;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.execute.Function;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
-import com.gemstone.gemfire.internal.cache.execute.PRClientServerTestBase;
-import com.gemstone.gemfire.internal.cache.functions.TestFunction;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class ClientMultiUserAuthzDUnitTest extends ClientAuthorizationTestCase {
-
-  @Override
-  public final void preTearDownClientAuthorizationTestBase() throws Exception {
-    closeCache();
-  }
-
-  /**
-   * Tests with one user authorized to do puts/gets/containsKey/destroys and
-   * another not authorized for the same.
-   */
-  @Test
-  public void testOps1() throws Exception {
-    for (Iterator<AuthzCredentialGenerator> iter = getDummyGeneratorCombos().iterator(); iter.hasNext();) {
-      AuthzCredentialGenerator gen = iter.next();
-      CredentialGenerator cGen = gen.getCredentialGenerator();
-      Properties extraAuthProps = cGen.getSystemProperties();
-      Properties javaProps = cGen.getJavaProperties();
-      Properties extraAuthzProps = gen.getSystemProperties();
-      String authenticator = cGen.getAuthenticator();
-      String authInit = cGen.getAuthInit();
-      String accessor = gen.getAuthorizationCallback();
-
-      getLogWriter().info("testOps1: Using authinit: " + authInit);
-      getLogWriter().info("testOps1: Using authenticator: " + authenticator);
-      getLogWriter().info("testOps1: Using accessor: " + accessor);
-
-      // Start servers with all required properties
-      Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
-      int port1 = createCacheServerOnVM(server1, javaProps, serverProps);
-      int port2 = createCacheServerOnVM(server2, javaProps, serverProps);
-
-      if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.PUT}, new OperationCode[] { OperationCode.GET, OperationCode.GET}, javaProps, authInit, port1, port2)) {
-        continue;
-      }
-
-      verifyPutsGets();
-
-      if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] { OperationCode.DESTROY, OperationCode.DESTROY}, javaProps, authInit, port1, port2)) {
-        continue;
-      }
-
-      verifyContainsKeyDestroys();
-
-      if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] { OperationCode.INVALIDATE, OperationCode.INVALIDATE}, javaProps, authInit, port1, port2)) {
-        continue;
-      }
-
-      verifyContainsKeyInvalidates();
-
-      if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.GET, OperationCode.GET}, new OperationCode[] { OperationCode.REGION_DESTROY, OperationCode.REGION_DESTROY}, javaProps, authInit, port1, port2)) {
-        continue;
-      }
-
-      verifyGetAllInTX();
-      verifyGetAllRegionDestroys();
-    }
-  }
-
-  /**
-   * Test query/function execute
-   */
-  @Test
-  public void testOps2() throws Exception {
-    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
-    CredentialGenerator cGen = gen.getCredentialGenerator();
-    Properties extraAuthProps = cGen.getSystemProperties();
-    Properties javaProps = cGen.getJavaProperties();
-    Properties extraAuthzProps = gen.getSystemProperties();
-    String authenticator = cGen.getAuthenticator();
-    String authInit = cGen.getAuthInit();
-    String accessor = gen.getAuthorizationCallback();
-
-    getLogWriter().info("testOps2: Using authinit: " + authInit);
-    getLogWriter().info("testOps2: Using authenticator: " + authenticator);
-    getLogWriter().info("testOps2: Using accessor: " + accessor);
-
-    // Start servers with all required properties
-    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
-    int port1 = createCacheServerOnVM(server1, javaProps, serverProps);
-    int port2 = createCacheServerOnVM(server2, javaProps, serverProps);
-
-    // Start client1 with valid/invalid QUERY credentials
-    Properties[] client1Credentials = new Properties[] {
-        gen.getAllowedCredentials(new OperationCode[] {OperationCode.PUT, OperationCode.QUERY}, new String[] {regionName}, 1),
-        gen.getDisallowedCredentials(new OperationCode[] {OperationCode.PUT, OperationCode.QUERY}, new String[] {regionName}, 1)
-    };
-
-    javaProps = cGen.getJavaProperties();
-    getLogWriter().info("testOps2: For first client credentials: " + client1Credentials[0] + "\n" + client1Credentials[1]);
-
-    final Properties finalJavaProps = javaProps;
-    client1.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client1Credentials, finalJavaProps, new int[] {port1, port2}, -1, false, NO_EXCEPTION));
-
-    // Start client2 with valid/invalid EXECUTE_FUNCTION credentials
-    Properties[] client2Credentials = new Properties[] {
-        gen.getAllowedCredentials(new OperationCode[] {OperationCode.EXECUTE_FUNCTION}, new String[] {regionName}, 2),
-        gen.getDisallowedCredentials(new OperationCode[] {OperationCode.EXECUTE_FUNCTION}, new String[] {regionName}, 9)
-    };
-
-    javaProps = cGen.getJavaProperties();
-    getLogWriter().info("testOps2: For second client credentials: " + client2Credentials[0] + "\n" + client2Credentials[1]);
-
-    final Properties finalJavaProps2 = javaProps;
-    client2.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client2Credentials, finalJavaProps2, new int[] {port1, port2}, -1, false, NO_EXCEPTION));
-
-    Function function = new TestFunction(true,TestFunction.TEST_FUNCTION1);
-
-    server1.invoke(() -> PRClientServerTestBase.registerFunction(function));
-
-    server2.invoke(() -> PRClientServerTestBase.registerFunction(function));
-
-    // Perform some put operations before verifying queries
-    client1.invoke(() -> doMultiUserPuts(4, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-    client1.invoke(() -> doMultiUserQueries(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4));
-    client1.invoke(() -> doMultiUserQueryExecute(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4));
-
-    // Verify that the FE succeeds/fails
-    client2.invoke(() ->doMultiUserFE(2, function, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, false));
-
-    // Failover
-    server1.invoke(() -> closeCache());
-    Thread.sleep(2000);
-
-    client1.invoke(() -> doMultiUserPuts(4, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
-    client1.invoke(() -> doMultiUserQueries(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4));
-    client1.invoke(() -> doMultiUserQueryExecute(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4));
-
-    // Verify that the FE succeeds/fails
-    client2.invoke(() -> doMultiUserFE(2, function, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, true));
-  }
-
-  @Test
-  public void testOpsWithClientsInDifferentModes() throws Exception {
-    for (Iterator<AuthzCredentialGenerator> iter = getDummyGeneratorCombos().iterator(); iter.hasNext();) {
-      AuthzCredentialGenerator gen = iter.next();
-      CredentialGenerator cGen = gen.getCredentialGenerator();
-      Properties extraAuthProps = cGen.getSystemProperties();
-      Properties javaProps = cGen.getJavaProperties();
-      Properties extraAuthzProps = gen.getSystemProperties();
-      String authenticator = cGen.getAuthenticator();
-      String authInit = cGen.getAuthInit();
-      String accessor = gen.getAuthorizationCallback();
-
-      getLogWriter().info("testOpsWithClientsInDifferentModes: Using authinit: " + authInit);
-      getLogWriter().info("testOpsWithClientsInDifferentModes: Using authenticator: " + authenticator);
-      getLogWriter().info("testOpsWithClientsInDifferentModes: Using accessor: " + accessor);
-
-      // Start servers with all required properties
-      Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
-      int port1 = createCacheServerOnVM(server1, javaProps, serverProps);
-      int port2 = createCacheServerOnVM(server2, javaProps, serverProps);
-
-      if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.PUT}, new OperationCode[] { OperationCode.GET, OperationCode.GET}, javaProps, authInit, port1, port2, false, true)) {
-        continue;
-      }
-
-      verifyPutsGets(false, true);
-
-      if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] { OperationCode.DESTROY, OperationCode.DESTROY}, javaProps, authInit, port1, port2, false, false)) {
-        continue;
-      }
-
-      verifyContainsKeyDestroys(false, false);
-    }
-  }
-
-  private boolean prepareClientsForOps(final AuthzCredentialGenerator gen, final CredentialGenerator cGen, final OperationCode[] client1OpCodes, final OperationCode[] client2OpCodes, final Properties javaProps, final String authInit, final int port1, final int port2) {
-    return prepareClientsForOps(gen, cGen, client1OpCodes, client2OpCodes, javaProps, authInit, port1, port2, true /* both clients in multiuser mode */, false /* unused */);
-  }
-
-  private boolean prepareClientsForOps(final AuthzCredentialGenerator gen, final CredentialGenerator cGen, final OperationCode[] client1OpCodes, final OperationCode[] client2OpCodes, Properties javaProps, final String authInit, final int port1, final int port2, final boolean bothClientsInMultiuserMode, final boolean allowOp) {
-    // Start client1 with valid/invalid client1OpCodes credentials
-    Properties[] client1Credentials = new Properties[] { gen.getAllowedCredentials(client1OpCodes, new String[] {regionName}, 1), gen.getDisallowedCredentials(new OperationCode[] {client1OpCodes[1]}, new String[] {regionName}, 1)};
-
-    if (client1Credentials[0] == null || client1Credentials[0].size() == 0) {
-      getLogWriter().info("testOps1: Unable to obtain valid credentials with " + client1OpCodes[0].toString() + " permission; skipping this combination.");
-      return false;
-    }
-
-    if (client1Credentials[1] == null || client1Credentials[1].size() == 0) {
-      getLogWriter().info("testOps1: Unable to obtain valid credentials with no " + client1OpCodes[0].toString() + " permission; skipping this combination.");
-      return false;
-    }
-
-    javaProps = cGen.getJavaProperties();
-    getLogWriter().info("testOps1: For first client credentials: " + client1Credentials[0] + "\n" + client1Credentials[1]);
-    final Properties finalJavaProps = javaProps;
-
-    client1.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client1Credentials, finalJavaProps, new int[] {port1, port2}, -1, false, NO_EXCEPTION));
-
-    // Start client2 with valid/invalid client2OpCodes credentials
-    Properties[] client2Credentials = new Properties[] { gen.getAllowedCredentials(client2OpCodes, new String[] {regionName}, 2), gen.getDisallowedCredentials(client2OpCodes, new String[] {regionName}, 9)};
-
-    if (client2Credentials[0] == null || client2Credentials[0].size() == 0) {
-      getLogWriter().info("testOps1: Unable to obtain valid credentials with " + client2OpCodes[0].toString() + " permission; skipping this combination.");
-      return false;
-    }
-
-    if (client2Credentials[1] == null || client2Credentials[1].size() == 0) {
-      getLogWriter().info("testOps1: Unable to obtain valid credentials with no " + client2OpCodes[0].toString() + " permission; skipping this combination.");
-      return false;
-    }
-
-    javaProps = cGen.getJavaProperties();
-    getLogWriter().info("testOps1: For second client credentials: " + client2Credentials[0] + "\n" + client2Credentials[1]);
-
-    if (bothClientsInMultiuserMode) {
-      final Properties finalJavaProps2 = javaProps;
-      client2.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client2Credentials, finalJavaProps2, new int[] {port1, port2}, -1, false, NO_EXCEPTION));
-
-    } else {
-      int credentialsIndex = allowOp ? 0 : 1;
-      final Properties finalJavaProps2 = javaProps;
-      client2.invoke(() -> createCacheClient(authInit, client2Credentials[credentialsIndex], finalJavaProps2, new int[] {port1, port2}, -1, false, false, NO_EXCEPTION));
-    }
-
-    return true;
-  }
-
-  private void verifyPutsGets() throws Exception {
-    verifyPutsGets(true, false /*unused */);
-  }
-
-  private void verifyPutsGets(final boolean isMultiuser, final boolean opAllowed) throws Exception {
-    // Perform some put operations from client1
-    client1.invoke(() -> doMultiUserPuts(2, 2, new int[] { NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
-    // Verify that the gets succeed/fail
-    if (isMultiuser) {
-      client2.invoke(() -> doMultiUserGets(2, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
-    } else {
-      int expectedResult = (opAllowed) ? NO_EXCEPTION : NOTAUTHZ_EXCEPTION;
-      client2.invoke(() -> doMultiUserGets(1, 1, new int[] {expectedResult}));
-    }
-  }
-
-  private void verifyContainsKeyDestroys() throws Exception {
-    verifyContainsKeyDestroys(true, false /* unused */);
-  }
-
-  private void verifyContainsKeyDestroys(final boolean isMultiUser, final boolean opAllowed) throws Exception {
-    // Do puts before verifying containsKey
-    client1.invoke(() -> doMultiUserPuts(2, 2, new int[] {NO_EXCEPTION, NO_EXCEPTION}));
-    client1.invoke(() -> doMultiUserContainsKeys(1, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, new boolean[] {true, false}));
-
-    // Verify that the destroys succeed/fail
-    if (isMultiUser) {
-      client2.invoke(() -> doMultiUserDestroys(2, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
-    } else {
-      int expectedResult = (opAllowed) ? NO_EXCEPTION : NOTAUTHZ_EXCEPTION;
-      client2.invoke(() -> doMultiUserDestroys(1, 1, new int[] {expectedResult}));
-    }
-  }
-
-  private void verifyContainsKeyInvalidates() throws Exception {
-    verifyContainsKeyInvalidates(true, false /* unused */);
-  }
-
-  private void verifyContainsKeyInvalidates(final boolean isMultiUser, final boolean opAllowed) throws Exception {
-    // Do puts before verifying containsKey
-    client1.invoke(() -> doMultiUserPuts(2, 2, new int[] {NO_EXCEPTION, NO_EXCEPTION}));
-    client1.invoke(() -> doMultiUserContainsKeys(1, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, new boolean[] {true, false}));
-
-    // Verify that the invalidates succeed/fail
-    if (isMultiUser) {
-      client2.invoke(() -> doMultiUserInvalidates(2, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
-    } else {
-      int expectedResult = (opAllowed) ? NO_EXCEPTION : NOTAUTHZ_EXCEPTION;
-      client2.invoke(() -> doMultiUserInvalidates(1, 1, new int[] {expectedResult}));
-    }
-  }
-
-  private void verifyGetAllInTX() {
-    server1.invoke(() -> doPuts());
-    client1.invoke(() -> doMultiUserGetAll(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, true/*use TX*/));
-  }
-
-  private void verifyGetAllRegionDestroys() {
-    server1.invoke(() -> doPuts());
-    client1.invoke(() -> doMultiUserGetAll(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
-    // Verify that the region destroys succeed/fail
-    client2.invoke(() -> doMultiUserRegionDestroys(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-  }
-
-  private void doPuts() {
-    Region region = GemFireCacheImpl.getInstance().getRegion(REGION_NAME);
-    region.put("key1", "value1");
-    region.put("key2", "value2");
-  }
-
-  private int createCacheServerOnVM(final VM server, final Properties javaProps, final Properties serverProps) {
-    return server.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), serverProps, javaProps));
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
deleted file mode 100644
index 0efd3d6..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
+++ /dev/null
@@ -1,201 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.createCacheClient;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-
-import java.util.Properties;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.DeltaTestImpl;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.internal.cache.PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-/**
- * @since GemFire 6.1
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public final class DeltaClientAuthorizationDUnitTest extends ClientAuthorizationTestCase {
-
-  private DeltaTestImpl[] deltas = new DeltaTestImpl[8];
-
-  @Override
-  protected final void preSetUpClientAuthorizationTestBase() throws Exception {
-    setUpDeltas();
-  }
-
-  @Override
-  public final void preTearDownClientAuthorizationTestBase() throws Exception {
-    closeCache();
-  }
-
-  @Test
-  public void testAllowPutsGets() throws Exception {
-    AuthzCredentialGenerator gen = this.getXmlAuthzGenerator();
-    CredentialGenerator cGen = gen.getCredentialGenerator();
-
-    Properties extraAuthProps = cGen.getSystemProperties();
-    Properties javaProps = cGen.getJavaProperties();
-    Properties extraAuthzProps = gen.getSystemProperties();
-
-    String authenticator = cGen.getAuthenticator();
-    String authInit = cGen.getAuthInit();
-    String accessor = gen.getAuthorizationCallback();
-
-    getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit);
-    getLogWriter().info("testAllowPutsGets: Using authenticator: " + authenticator);
-    getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor);
-
-    // Start servers with all required properties
-    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
-    int port1 = createServer1(javaProps, serverProps);
-    int port2 = createServer2(javaProps, serverProps);
-
-    // Start client1 with valid CREATE credentials
-    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { REGION_NAME }, 1);
-    javaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testAllowPutsGets: For first client credentials: " + createCredentials);
-
-    createClient1(javaProps, authInit, port1, port2, createCredentials);
-
-    // Start client2 with valid GET credentials
-    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { REGION_NAME }, 2);
-    javaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testAllowPutsGets: For second client credentials: " + getCredentials);
-
-    createClient2(javaProps, authInit, port1, port2, getCredentials);
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
-
-    Thread.sleep(5000);
-    assertTrue("Delta feature NOT used", client1.invoke(() -> DeltaTestImpl.toDeltaFeatureUsed()));
-
-    // Verify that the gets succeed
-    client2.invoke(() -> doGets(2, NO_EXCEPTION));
-  }
-
-  private void createClient2(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties getCredentials) {
-    client2.invoke(() -> createCacheClient(authInit, getCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
-  }
-
-  private void createClient1(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties createCredentials) {
-    client1.invoke(() -> createCacheClient(authInit, createCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
-  }
-
-  private int createServer2(final Properties javaProps, final Properties serverProps) {
-    return server2.invoke(() -> createCacheServer(getLocatorPort(), serverProps, javaProps));
-  }
-
-  private int createServer1(final Properties javaProps, final Properties serverProps) {
-    return server1.invoke(() -> createCacheServer(getLocatorPort(), serverProps, javaProps));
-  }
-
-  private void doPuts(final int num, final int expectedResult) {
-    assertTrue(num <= KEYS.length);
-    Region region = getCache().getRegion(REGION_NAME);
-    assertNotNull(region);
-    for (int index = 0; index < num; ++index) {
-      region.put(KEYS[index], deltas[0]);
-    }
-    for (int index = 0; index < num; ++index) {
-      region.put(KEYS[index], deltas[index]);
-      if (expectedResult != NO_EXCEPTION) {
-        fail("Expected a NotAuthorizedException while doing puts");
-      }
-    }
-  }
-
-  private void doGets(final int num, final int expectedResult) {
-    assertTrue(num <= KEYS.length);
-
-    Region region = getCache().getRegion(REGION_NAME);
-    assertNotNull(region);
-
-    for (int index = 0; index < num; ++index) {
-      region.localInvalidate(KEYS[index]);
-      Object value = region.get(KEYS[index]);
-      if (expectedResult != NO_EXCEPTION) {
-        fail("Expected a NotAuthorizedException while doing gets");
-      }
-      assertNotNull(value);
-      assertEquals(deltas[index], value);
-    }
-  }
-
-  private final void setUpDeltas() {
-    for (int i = 0; i < 8; i++) {
-      deltas[i] = new DeltaTestImpl(0, "0", new Double(0), new byte[0], new TestObject1("0", 0));
-    }
-    deltas[1].setIntVar(5);
-    deltas[2].setIntVar(5);
-    deltas[3].setIntVar(5);
-    deltas[4].setIntVar(5);
-    deltas[5].setIntVar(5);
-    deltas[6].setIntVar(5);
-    deltas[7].setIntVar(5);
-
-    deltas[2].resetDeltaStatus();
-    deltas[2].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-    deltas[3].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-    deltas[4].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-    deltas[5].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-    //deltas[6].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-    //deltas[7].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-
-    deltas[3].resetDeltaStatus();
-    deltas[3].setDoubleVar(new Double(5));
-    deltas[4].setDoubleVar(new Double(5));
-    deltas[5].setDoubleVar(new Double(5));
-    deltas[6].setDoubleVar(new Double(5));
-    deltas[7].setDoubleVar(new Double(5));
-
-    deltas[4].resetDeltaStatus();
-    deltas[4].setStr("str changed");
-    deltas[5].setStr("str changed");
-    deltas[6].setStr("str changed");
-    //deltas[7].setStr("str changed");
-
-    deltas[5].resetDeltaStatus();
-    deltas[5].setIntVar(100);
-    deltas[5].setTestObj(new TestObject1("CHANGED", 100));
-    deltas[6].setTestObj(new TestObject1("CHANGED", 100));
-    deltas[7].setTestObj(new TestObject1("CHANGED", 100));
-
-    deltas[6].resetDeltaStatus();
-    deltas[6].setByteArr(new byte[] { 1, 2, 3 });
-    deltas[7].setByteArr(new byte[] { 1, 2, 3 });
-
-    deltas[7].resetDeltaStatus();
-    deltas[7].setStr("delta string");
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
deleted file mode 100644
index ff8d23d..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.IgnoredException.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Properties;
-import java.util.Random;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.DeltaTestImpl;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.internal.AvailablePortHelper;
-import com.gemstone.gemfire.internal.cache.PartitionedRegionLocalMaxMemoryDUnitTest;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-/**
- * @since GemFire 6.1
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public class DeltaClientPostAuthorizationDUnitTest extends ClientAuthorizationTestCase {
-
-  private static final int PAUSE = 5 * 1000; // TODO: replace with Awaitility
-
-  private DeltaTestImpl[] deltas = new DeltaTestImpl[8];
-
-  @Override
-  public final void preSetUpClientAuthorizationTestBase() throws Exception {
-    setUpDeltas();
-    addIgnoredException("Unexpected IOException");
-    addIgnoredException("SocketException");
-  }
-
-  @Override
-  public final void preTearDownClientAuthorizationTestBase() throws Exception {
-    closeCache();
-  }
-
-  @Test
-  public void testPutPostOpNotifications() throws Exception {
-    OperationWithAction[] allOps = allOps();
-
-    AuthzCredentialGenerator gen = this.getXmlAuthzGenerator();
-    CredentialGenerator cGen = gen.getCredentialGenerator();
-    Properties extraAuthProps = cGen.getSystemProperties();
-    Properties javaProps = cGen.getJavaProperties();
-    Properties extraAuthzProps = gen.getSystemProperties();
-    String authenticator = cGen.getAuthenticator();
-    String authInit = cGen.getAuthInit();
-    String accessor = gen.getAuthorizationCallback();
-    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
-
-    getLogWriter().info("testAllOpsNotifications: Using authinit: " + authInit);
-    getLogWriter().info("testAllOpsNotifications: Using authenticator: " + authenticator);
-    getLogWriter().info("testAllOpsNotifications: Using accessor: " + accessor);
-
-    // Start servers with all required properties
-    Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
-
-    // Get ports for the servers
-    int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(2);
-    int port1 = randomAvailableTCPPorts[0];
-    int port2 = randomAvailableTCPPorts[1];
-
-    // Perform all the ops on the clients
-    List opBlock = new ArrayList();
-    Random rnd = new Random();
-
-    for (int opNum = 0; opNum < allOps.length; ++opNum) {
-      // Start client with valid credentials as specified in OperationWithAction
-      OperationWithAction currentOp = allOps[opNum];
-      if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
-
-        // End of current operation block; execute all the operations on the servers with failover
-        if (opBlock.size() > 0) {
-          // Start the first server and execute the operation block
-          server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port1, serverProps, javaProps ));
-          server2.invoke(() -> closeCache());
-
-          executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
-
-          if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
-            // Failover to the second server and run the block again
-            server2.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port2, serverProps, javaProps ));
-            server1.invoke(() -> closeCache());
-
-            executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
-          }
-
-          opBlock.clear();
-        }
-
-      } else {
-        currentOp.setOpNum(opNum);
-        opBlock.add(currentOp);
-      }
-    }
-  }
-
-  @Override
-  protected final void executeOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final TestCredentialGenerator credentialGenerator, final Random random) throws InterruptedException {
-    for (Iterator<OperationWithAction> opIter = opBlock.iterator(); opIter.hasNext();) {
-      // Start client with valid credentials as specified in OperationWithAction
-      OperationWithAction currentOp = opIter.next();
-      OperationCode opCode = currentOp.getOperationCode();
-      int opFlags = currentOp.getFlags();
-      int clientNum = currentOp.getClientNum();
-      VM clientVM = null;
-      boolean useThisVM = false;
-
-      switch (clientNum) {
-        case 1:
-          clientVM = client1;
-          break;
-        case 2:
-          clientVM = client2;
-          break;
-        case 3:
-          useThisVM = true;
-          break;
-        default:
-          fail("executeOpBlock: Unknown client number " + clientNum);
-          break;
-      }
-
-      getLogWriter().info("executeOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);
-
-      if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
-        Properties opCredentials;
-        int newRnd = random.nextInt(100) + 1;
-        String currentRegionName = '/' + regionName;
-        if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
-          currentRegionName += ('/' + SUBREGION_NAME);
-        }
-
-        String credentialsTypeStr;
-        OperationCode authOpCode = currentOp.getAuthzOperationCode();
-        int[] indices = currentOp.getIndices();
-        CredentialGenerator cGen = credentialGenerator.getCredentialGenerator();
-        final Properties javaProps = cGen == null ? null : cGen.getJavaProperties();
-
-        if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0) {
-          opCredentials = credentialGenerator.getDisallowedCredentials(new OperationCode[] { authOpCode }, new String[] { currentRegionName }, indices, newRnd);
-          credentialsTypeStr = " unauthorized " + authOpCode;
-
-        } else {
-          opCredentials = credentialGenerator.getAllowedCredentials(new OperationCode[] {opCode, authOpCode }, new String[] { currentRegionName }, indices, newRnd);
-          credentialsTypeStr = " authorized " + authOpCode;
-        }
-
-        Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
-
-        // Start the client with valid credentials but allowed or disallowed to perform an operation
-        getLogWriter().info("executeOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
-        boolean setupDynamicRegionFactory = (opFlags & OpFlags.ENABLE_DRF) > 0;
-        if (useThisVM) {
-          createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION);
-
-        } else {
-          clientVM.invoke(() -> createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION));
-        }
-      }
-
-      int expectedResult;
-      if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
-        expectedResult = NOTAUTHZ_EXCEPTION;
-      } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
-        expectedResult = OTHER_EXCEPTION;
-      } else {
-        expectedResult = NO_EXCEPTION;
-      }
-
-      // Perform the operation from selected client
-      if (useThisVM) {
-        doOp(opCode, currentOp.getIndices(), new Integer(
-            opFlags), new Integer(expectedResult));
-      }
-      else {
-        int[] indices = currentOp.getIndices();
-        clientVM.invoke(() -> DeltaClientPostAuthorizationDUnitTest.doOp(opCode,
-                indices, new Integer(opFlags),
-                new Integer(expectedResult) ));
-      }
-    }
-  }
-
-  private void setUpDeltas() {
-    for (int i = 0; i < 8; i++) {
-      deltas[i] = new DeltaTestImpl(0, "0", new Double(0), new byte[0], new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("0", 0));
-    }
-    deltas[1].setIntVar(5);
-    deltas[2].setIntVar(5);
-    deltas[3].setIntVar(5);
-    deltas[4].setIntVar(5);
-    deltas[5].setIntVar(5);
-    deltas[6].setIntVar(5);
-    deltas[7].setIntVar(5);
-
-    deltas[2].resetDeltaStatus();
-    deltas[2].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-    deltas[3].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-    deltas[4].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-    deltas[5].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-    //deltas[6].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-    //deltas[7].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-
-    deltas[3].resetDeltaStatus();
-    deltas[3].setDoubleVar(new Double(5));
-    deltas[4].setDoubleVar(new Double(5));
-    deltas[5].setDoubleVar(new Double(5));
-    deltas[6].setDoubleVar(new Double(5));
-    deltas[7].setDoubleVar(new Double(5));
-
-    deltas[4].resetDeltaStatus();
-    deltas[4].setStr("str changed");
-    deltas[5].setStr("str changed");
-    deltas[6].setStr("str changed");
-    //deltas[7].setStr("str changed");
-
-    deltas[5].resetDeltaStatus();
-    deltas[5].setIntVar(100);
-    deltas[5].setTestObj(new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("CHANGED", 100));
-    deltas[6].setTestObj(new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("CHANGED", 100));
-    deltas[7].setTestObj(new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("CHANGED", 100));
-
-    deltas[6].resetDeltaStatus();
-    deltas[6].setByteArr(new byte[] { 1, 2, 3 });
-    deltas[7].setByteArr(new byte[] { 1, 2, 3 });
-
-    deltas[7].resetDeltaStatus();
-    deltas[7].setStr("delta string");
-  }
-
-  private OperationWithAction[] allOps() {
-    return new OperationWithAction[] {
-        // Test CREATE and verify with a GET
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE, 8),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 3, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
-        new OperationWithAction(OperationCode.PUT),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.CHECK_FAIL, 4),
-
-        // OPBLOCK_END indicates end of an operation block that needs to be executed on each server when doing failover
-        OperationWithAction.OPBLOCK_END,
-
-        // Test UPDATE and verify with a GET
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE, 8),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 3, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
-        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL, 4),
-        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL | OpFlags.CHECK_FAIL, 4),
-
-        OperationWithAction.OPBLOCK_END
-    };
-  }
-}



[11/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessorDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessorDUnitTest.java
deleted file mode 100644
index 5d071a8..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/NoShowValue1PostProcessorDUnitTest.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static org.junit.Assert.*;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.Pool;
-import com.gemstone.gemfire.cache.client.PoolManager;
-import com.gemstone.gemfire.cache.query.SelectResults;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class NoShowValue1PostProcessorDUnitTest extends AbstractSecureServerDUnitTest {
-
-  public NoShowValue1PostProcessorDUnitTest(){
-    this.postProcessor = NoShowValue1PostProcessor.class;
-  }
-
-  @Test
-  public void testPostProcess(){
-    List<String> keys = new ArrayList<>();
-    keys.add("key1");
-    keys.add("key2");
-
-    client1.invoke(()->{
-      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-
-      // post process for get
-      assertEquals("value3", region.get("key3"));
-
-      assertNull(region.get("key1"));
-
-      // post processs for getAll
-      Map values = region.getAll(keys);
-      assertEquals(2, values.size());
-      assertEquals("value2", values.get("key2"));
-      assertNull(values.get("key1"));
-
-      // post process for query
-      String query = "select * from /AuthRegion";
-      SelectResults result = region.query(query);
-      System.out.println("query result: "+result);
-      assertEquals(5, result.size());
-      assertTrue(result.contains("value0"));
-      assertFalse(result.contains("value1"));
-      assertTrue(result.contains("value2"));
-      assertTrue(result.contains("value3"));
-      assertTrue(result.contains("value4"));
-
-      Pool pool = PoolManager.find(region);
-      result =  (SelectResults)pool.getQueryService().newQuery(query).execute();
-      System.out.println("query result: "+result);
-      assertTrue(result.contains("value0"));
-      assertFalse(result.contains("value1"));
-      assertTrue(result.contains("value2"));
-      assertTrue(result.contains("value3"));
-      assertTrue(result.contains("value4"));
-    });
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/NotAuthorizedExceptionTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/NotAuthorizedExceptionTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/NotAuthorizedExceptionTest.java
deleted file mode 100644
index 67dfadc..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/NotAuthorizedExceptionTest.java
+++ /dev/null
@@ -1,200 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.googlecode.catchexception.CatchException.*;
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.Mockito.*;
-
-import java.io.NotSerializableException;
-import java.io.Serializable;
-import java.security.Principal;
-import javax.naming.NamingException;
-
-import org.apache.commons.lang.SerializationUtils;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.rules.TestName;
-
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
-/**
- * Unit tests for {@link NotAuthorizedException}.
- */
-@Category({ UnitTest.class, SecurityTest.class })
-public class NotAuthorizedExceptionTest {
-
-  private String message;
-  private String causeMessage;
-  private Object nonSerializableResolvedObj;
-  private NamingException nonSerializableNamingException;
-  private SerializableObject serializableResolvedObj;
-  private NamingException serializableNamingException;
-  private String principalName;
-  private Principal nonSerializablePrincipal;
-  private SerializablePrincipal serializablePrincipal;
-
-  @Rule
-  public TestName testName = new TestName();
-
-  @Before
-  public void setUp() throws Exception {
-    this.message = testName.getMethodName() + " message";
-    this.causeMessage = testName.getMethodName() + " cause message";
-
-    this.nonSerializableResolvedObj = new Object();
-    this.nonSerializableNamingException = new NamingException(this.causeMessage);
-    this.nonSerializableNamingException.setResolvedObj(this.nonSerializableResolvedObj);
-
-    this.serializableResolvedObj = new SerializableObject(this.testName.getMethodName());
-    this.serializableNamingException = new NamingException(this.causeMessage);
-    this.serializableNamingException.setResolvedObj(this.serializableResolvedObj);
-
-    this.principalName = "jsmith";
-    this.nonSerializablePrincipal = mock(Principal.class);
-    this.serializablePrincipal = new SerializablePrincipal(this.principalName);
-
-    assertPreconditions();
-  }
-
-  private void assertPreconditions() {
-    catchException(this).clone(this.nonSerializableNamingException);
-    assertThat((Throwable)caughtException()).isNotNull();
-    assertThat((Throwable)caughtException().getCause()).isInstanceOf(NotSerializableException.class);
-
-    catchException(this).clone(this.serializableNamingException);
-    assertThat((Throwable)caughtException()).isNull();
-
-    assertThat(this.nonSerializableResolvedObj).isNotInstanceOf(Serializable.class);
-
-    catchException(this).clone(this.serializableResolvedObj);
-    assertThat((Throwable)caughtException()).isNull();
-
-    assertThat(this.nonSerializablePrincipal).isNotInstanceOf(Serializable.class);
-
-    catchException(this).clone(this.serializablePrincipal);
-    assertThat((Throwable)caughtException()).isNull();
-  }
-
-  @Test
-  public void isSerializable() throws Exception {
-    assertThat(NotAuthorizedException.class).isInstanceOf(Serializable.class);
-  }
-
-  @Test
-  public void serializes() throws Exception {
-    NotAuthorizedException instance = new NotAuthorizedException(this.message);
-
-    NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance);
-
-    assertThat(cloned).hasMessage(this.message);
-  }
-
-  @Test
-  public void serializesWithThrowable() throws Exception {
-    Throwable cause = new Exception(this.causeMessage);
-    NotAuthorizedException instance = new NotAuthorizedException(this.message, cause);
-
-    NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance);
-
-    assertThat(cloned).hasMessage(this.message);
-    assertThat(cloned).hasCause(cause);
-  }
-
-  @Test
-  public void serializesWithNonSerializablePrincipal() throws Exception {
-    NotAuthorizedException instance = new NotAuthorizedException(this.message, this.nonSerializablePrincipal);
-    assertThat(instance.getPrincipal()).isNotNull();
-
-    NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance);
-
-    assertThat(cloned).hasMessage(this.message);
-    assertThat(cloned.getPrincipal()).isNull();
-  }
-
-  @Test
-  public void serializesWithSerializablePrincipal() throws Exception {
-    NotAuthorizedException instance = new NotAuthorizedException(this.message, this.serializablePrincipal);
-
-    NotAuthorizedException cloned = (NotAuthorizedException) SerializationUtils.clone(instance);
-
-    assertThat(cloned).hasMessage(this.message);
-    assertThat(cloned.getPrincipal()).isNotNull().isEqualTo(this.serializablePrincipal);
-  }
-
-  public Object clone(final Serializable object) {
-    return SerializationUtils.clone(object);
-  }
-
-  public static class SerializableObject implements Serializable {
-
-    private String name;
-
-    SerializableObject(String name) {
-      this.name = name;
-    }
-
-    @Override
-    public boolean equals(Object o) {
-      if (this == o) return true;
-      if (o == null || getClass() != o.getClass()) return false;
-
-      SerializableObject that = (SerializableObject) o;
-
-      return name != null ? name.equals(that.name) : that.name == null;
-
-    }
-
-    @Override
-    public int hashCode() {
-      return name != null ? name.hashCode() : 0;
-    }
-  }
-
-  public static class SerializablePrincipal implements Principal, Serializable {
-
-    private String name;
-
-    SerializablePrincipal(String name) {
-      this.name = name;
-    }
-
-    @Override
-    public String getName() {
-      return this.name;
-    }
-
-    @Override
-    public boolean equals(Object o) {
-      if (this == o) return true;
-      if (o == null || getClass() != o.getClass()) return false;
-
-      SerializablePrincipal that = (SerializablePrincipal) o;
-
-      return name != null ? name.equals(that.name) : that.name == null;
-
-    }
-
-    @Override
-    public int hashCode() {
-      return name != null ? name.hashCode() : 0;
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java
deleted file mode 100644
index cb1836e..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java
+++ /dev/null
@@ -1,541 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import com.gemstone.gemfire.distributed.ConfigurationProperties;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.distributed.Locator;
-import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
-import com.gemstone.gemfire.distributed.internal.membership.MembershipManager;
-import com.gemstone.gemfire.distributed.internal.membership.gms.MembershipManagerHelper;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
-import com.gemstone.gemfire.security.generator.LdapUserCredentialGenerator;
-import com.gemstone.gemfire.security.generator.UserPasswordWithExtraPropsAuthInit;
-import com.gemstone.gemfire.security.templates.LdapUserAuthenticator;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-import com.gemstone.gemfire.test.dunit.Host;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.FlakyTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import javax.net.ssl.SSLHandshakeException;
-import java.util.Properties;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static com.gemstone.gemfire.internal.AvailablePort.SOCKET;
-import static com.gemstone.gemfire.internal.AvailablePort.getRandomAvailablePort;
-import static com.gemstone.gemfire.security.SecurityTestUtils.startLocator;
-import static com.gemstone.gemfire.security.SecurityTestUtils.stopLocator;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.IgnoredException.addIgnoredException;
-import static com.gemstone.gemfire.test.dunit.NetworkUtils.getIPLiteral;
-import static com.gemstone.gemfire.test.dunit.Wait.pause;
-
-/**
- * Tests peer to peer authentication in Gemfire
- * 
- * @since GemFire 5.5
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public class P2PAuthenticationDUnitTest extends JUnit4DistributedTestCase {
-
-  private static VM locatorVM = null;
-
-  private static final String[] ignoredExceptions = {
-      AuthenticationRequiredException.class.getName(),
-      AuthenticationFailedException.class.getName(),
-      GemFireSecurityException.class.getName(),
-      SSLHandshakeException.class.getName(),
-      ClassNotFoundException.class.getName(),
-      "Authentication failed for",
-      "Failed to obtain credentials"
-  };
-
-  @Override
-  public final void postSetUp() throws Exception {
-    disconnectAllFromDS();
-    locatorVM = Host.getHost(0).getVM(0);
-    for (String exceptionString : ignoredExceptions) {
-      addIgnoredException(exceptionString);
-    }
-  }
-
-  /**
-   * Check that mcast-port setting for discovery or with locator are
-   * incompatible with security
-   */
-  @Test
-  public void testIllegalPropertyCombos() throws Exception {
-    int port = getRandomAvailablePort(SOCKET);
-
-    Properties props = new Properties();
-    props.setProperty(MCAST_PORT, "26753");
-    props.setProperty(ConfigurationProperties.LOCATORS, getIPLiteral() + "[" + port + "]");
-    props.setProperty(ConfigurationProperties.SECURITY_PEER_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
-    props.setProperty(ConfigurationProperties.ENABLE_CLUSTER_CONFIGURATION, "false");
-
-    try {
-      Locator.startLocatorAndDS(port, null, null, props);
-      fail("Expected an IllegalArgumentException while starting locator");
-
-    } catch (IllegalArgumentException ex) {
-      // success
-    }
-
-    // Also try setting the authenticator
-    props = new Properties();
-    props.setProperty(MCAST_PORT, "26753");
-    props.setProperty(LOCATORS, getIPLiteral() + "[" + port + "]");
-    props.setProperty(SECURITY_PEER_AUTHENTICATOR, LdapUserAuthenticator.class.getName() + ".create");
-    props.setProperty(ENABLE_CLUSTER_CONFIGURATION, "false");
-
-    try {
-      Locator.startLocatorAndDS(port, null, null, props);
-      fail("Expected an IllegalArgumentException while starting locator");
-
-    } catch (IllegalArgumentException expected) {
-      // success
-    }
-
-    props = new Properties();
-    props.setProperty(MCAST_PORT, "26753");
-    props.setProperty(SECURITY_PEER_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
-
-    try {
-      getSystem(props);
-      fail("Expected an IllegalArgumentException while connection to DS");
-
-    } catch (IllegalArgumentException expected) {
-      // success
-    }
-
-    // Also try setting the authenticator
-    props = new Properties();
-    props.setProperty(MCAST_PORT, "26753");
-    props.setProperty(SECURITY_PEER_AUTHENTICATOR, LdapUserAuthenticator.class.getName() + ".create");
-
-    try {
-      getSystem(props);
-      fail("Expected an IllegalArgumentException while connection to DS");
-
-    } catch (IllegalArgumentException expected) {
-      // success
-    }
-  }
-
-  /**
-   * AuthInitialize is incorrect
-   */
-  @Test
-  public void testP2PAuthenticationWithInvalidAuthInitialize() throws Exception {
-    int locatorPort = getRandomAvailablePort(SOCKET);
-
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    assertNotNull(gen.getAuthenticator());
-    assertNull(gen.getJavaProperties());
-
-    Properties props = new Properties();
-    props.setProperty(MCAST_PORT, "0");
-    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
-    props.setProperty(SECURITY_PEER_AUTH_INIT, "Incorrect_AuthInitialize");
-    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
-
-    startTheLocator(props, gen.getJavaProperties(), locatorPort);
-
-    try {
-      new SecurityTestUtils("tmp").createSystem(props, null);
-      fail("AuthenticationFailedException was expected as the AuthInitialize object passed is incorrect");
-
-    } catch (AuthenticationFailedException expected) {
-      // success
-
-    } finally {
-      locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
-    }
-  }
-
-  /**
-   * Authenticator is incorrect
-   */
-  @Category(FlakyTest.class) // GEODE-1089: random port
-  @Test
-  public void testP2PAuthenticationWithInvalidAuthenticator() throws Exception {
-    int locatorPort = getRandomAvailablePort(SOCKET);
-
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    assertNotNull(gen.getAuthInit());
-    assertNull(gen.getJavaProperties());
-
-    Properties props = new Properties();
-    props.setProperty(MCAST_PORT, "0");
-    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
-    props.setProperty(SECURITY_PEER_AUTH_INIT, gen.getAuthInit());
-    props.setProperty(SECURITY_PEER_AUTHENTICATOR, "xyz");
-
-    startTheLocator(props, null, locatorPort);
-
-    try {
-      new SecurityTestUtils("tmp").createSystem(props, null);
-      fail("AuthenticationFailedException was expected as the Authenticator object passed is incorrect");
-
-    } catch (AuthenticationFailedException expected) {
-      // success
-
-    } finally {
-      locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
-    }
-  }
-
-  @Category(FlakyTest.class) // GEODE-1091: random port
-  @Test
-  public void testP2PAuthenticationWithNoCredentials() throws Exception {
-    int locatorPort = getRandomAvailablePort(SOCKET);
-
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    assertNotNull(gen.getAuthenticator());
-    assertNotNull(gen.getAuthInit());
-    assertNull(gen.getJavaProperties());
-    assertNull(gen.getSystemProperties());
-
-    Properties props = new Properties();
-    props.setProperty(MCAST_PORT, "0");
-    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
-    props.setProperty(SECURITY_PEER_AUTH_INIT, gen.getAuthInit());
-    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
-
-    startTheLocator(props, null, locatorPort);
-
-    try {
-      new SecurityTestUtils("tmp").createSystem(props, null);
-      fail("AuthenticationFailedException was expected as no credentials are set");
-
-    } catch (AuthenticationFailedException expected) {
-      // success
-
-    } finally {
-      locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
-    }
-  }
-
-  @Test
-  public void testP2PAuthenticationWithValidCredentials() throws Exception {
-    int locatorPort = getRandomAvailablePort(SOCKET);
-
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    assertNotNull(gen.getAuthenticator());
-    assertNotNull(gen.getAuthInit());
-    assertNull(gen.getJavaProperties());
-    assertNull(gen.getSystemProperties());
-    assertNotNull(gen.getValidCredentials(1));
-
-    Properties props = new Properties();
-    props.setProperty(MCAST_PORT, "0");
-    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
-    props.setProperty(SECURITY_PEER_AUTH_INIT, gen.getAuthInit());
-    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
-    props.putAll(gen.getValidCredentials(1));
-
-    startTheLocator(props, gen.getJavaProperties(), locatorPort);
-
-    try {
-      createDS(props, gen.getJavaProperties());
-      verifyMembers(2);
-      disconnectFromDS();
-
-    } finally {
-      locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
-    }
-  }
-
-  @Test
-  public void testP2PAuthenticationWithBothValidAndInValidCredentials() throws Exception {
-    addIgnoredException("Authentication failed");
-
-    int locatorPort = getRandomAvailablePort(SOCKET);
-
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    assertNotNull(gen.getAuthenticator());
-    assertNotNull(gen.getAuthInit());
-    assertNotNull(gen.getInvalidCredentials(1));
-    assertNull(gen.getJavaProperties());
-    assertNull(gen.getSystemProperties());
-    assertNotNull(gen.getValidCredentials(1));
-    assertNotNull(gen.getValidCredentials(3));
-
-    Properties props = new Properties();
-    props.setProperty(MCAST_PORT, "0");
-    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
-    props.setProperty(SECURITY_PEER_AUTH_INIT, gen.getAuthInit());
-    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
-    props.putAll(gen.getValidCredentials(1));
-
-    startTheLocator(props, null, locatorPort);
-
-    try {
-      // invalid credentials for the peer
-      props.putAll(gen.getInvalidCredentials(1));
-
-      try {
-        new SecurityTestUtils("tmp").createSystem(props, null);
-        fail("AuthenticationFailedException was expected as wrong credentials were passed");
-
-      } catch (AuthenticationFailedException expected) {
-        // success
-      }
-
-      props.putAll(gen.getValidCredentials(3));
-
-      createDS(props, null);
-      verifyMembers(2);
-      disconnectFromDS();
-
-    } finally {
-      locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
-    }
-  }
-
-  /**
-   * The strategy is to test view change reject by having two different
-   * authenticators on different VMs.
-   * 
-   * Here locator will accept the credentials from peer2 but the first peer will
-   * reject them due to different authenticator. Hence the number of members
-   * reported by the first peer should be only two while others will report as
-   * three.
-   */
-  @Ignore("disabled for some reason?")
-  @Test
-  public void testP2PViewChangeReject() throws Exception {
-    final Host host = Host.getHost(0);
-    final VM peer2 = host.getVM(1);
-    final VM peer3 = host.getVM(2);
-
-    CredentialGenerator gen = new LdapUserCredentialGenerator();
-    gen.init();
-    Properties extraProps = gen.getSystemProperties();
-    String authenticator = gen.getAuthenticator();
-    String authInit = gen.getAuthInit();
-
-    if (extraProps == null) {
-      extraProps = new Properties();
-    }
-
-    CredentialGenerator gen2 = new DummyCredentialGenerator();
-    gen2.init();
-    Properties extraProps2 = gen2.getSystemProperties();
-    String authenticator2 = gen2.getAuthenticator();
-
-    if (extraProps2 == null) {
-      extraProps2 = new Properties();
-    }
-
-    // Start the locator with the LDAP authenticator
-    Properties props = new Properties();
-    int port = getRandomAvailablePort(SOCKET);
-    final String locators = getIPLiteral() +"["+port+"]";
-
-    props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
-    props.setProperty(SECURITY_PEER_AUTHENTICATOR, authenticator);
-    Properties credentials = gen.getValidCredentials(1);
-    Properties javaProps = gen.getJavaProperties();
-    props.putAll(credentials);
-    props.putAll(extraProps);
-
-    startTheLocator(props, javaProps, port);
-
-    try {
-
-      // Start the first peer with different authenticator
-      props = new Properties();
-      props.setProperty(MCAST_PORT, "0");
-      props.setProperty(LOCATORS, locators);
-      props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
-      props.setProperty(SECURITY_PEER_AUTHENTICATOR, authenticator2);
-
-      credentials = gen.getValidCredentials(3);
-      Properties javaProps2 = gen2.getJavaProperties();
-      props.putAll(credentials);
-      props.putAll(extraProps2);
-
-      createDS(props, javaProps2);
-
-      // Start the second peer with the same authenticator as locator
-      props = new Properties();
-      props.setProperty(MCAST_PORT, "0");
-      props.setProperty(LOCATORS, locators);
-      props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
-      props.setProperty(SECURITY_PEER_AUTHENTICATOR, authenticator);
-
-      credentials = gen.getValidCredentials(7);
-      javaProps = gen.getJavaProperties();
-      props.putAll(credentials);
-      props.putAll(extraProps);
-
-      createDS(peer2, props, javaProps);
-
-      createDS(peer3, props, javaProps);
-
-      // wait for view propagation
-      pause(2000);
-
-      // Verify the number of members on all peers and locator
-      locatorVM.invoke(() -> verifyMembers(4));
-      verifyMembers(2);
-      peer2.invoke(() -> verifyMembers(4));
-      peer3.invoke(() -> verifyMembers(4));
-
-      // Disconnect the first peer and check again
-      disconnectFromDS();
-      pause(2000);
-
-      locatorVM.invoke(() -> verifyMembers(3));
-      peer2.invoke(() -> verifyMembers(3));
-      peer3.invoke(() -> verifyMembers(3));
-
-      // Disconnect the second peer and check again
-      peer2.invoke(() -> disconnectFromDS());
-      pause(2000);
-
-      locatorVM.invoke(() -> verifyMembers(2));
-      peer3.invoke(() -> verifyMembers(2));
-
-      // Same for last peer
-      peer3.invoke(() -> disconnectFromDS());
-      pause(2000);
-
-      locatorVM.invoke(() -> verifyMembers(1));
-
-    } finally {
-      locatorVM.invoke(() -> stopLocator(port, ignoredExceptions));
-    }
-  }
-
-  /**
-   * The strategy is to test credential size greater than UDP datagram size.
-   * 
-   * Here locator will accept the credentials from peer2 and the large credential
-   * from the first peer. Number of members in the DS
-   * should be four
-   */
-  @Test
-  public void testP2PLargeCredentialSucceeds() throws Exception {
-    int locatorPort = getRandomAvailablePort(SOCKET);
-
-    final Host host = Host.getHost(0);
-    final VM peer2 = host.getVM(1);
-    final VM peer3 = host.getVM(2);
-
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    gen.init();
-
-    assertNotNull(gen.getAuthenticator());
-    assertNull(gen.getJavaProperties());
-    assertNull(gen.getSystemProperties());
-    assertNotNull(gen.getValidCredentials(1));
-
-    String authInit = UserPasswordWithExtraPropsAuthInit.class.getName() + ".create";
-    Properties credentials = gen.getValidCredentials(1);
-
-    Properties props = new Properties();
-    props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
-    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
-    props.putAll(credentials);
-
-    startTheLocator(props, null, locatorPort);
-
-    try {
-      // Start the first peer with huge credentials
-      props = new Properties();
-      props.setProperty(MCAST_PORT, "0");
-      props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
-      props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
-      props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
-
-      String hugeStr = "20KString";
-      for (int i = 0; i <= 20000; i++) {
-        hugeStr += "A";
-      }
-
-      credentials = gen.getValidCredentials(3);
-      credentials.setProperty("security-keep-extra-props", "-");
-      credentials.setProperty("security-hugeentryone", hugeStr);
-      credentials.setProperty("security-hugeentrytwo", hugeStr);
-      credentials.setProperty("security-hugeentrythree", hugeStr);
-
-      props.putAll(credentials);
-
-      createDS(props, null);
-      // fail("AuthenticationFailedException was expected as credentials were passed beyond 50k"); --?
-
-      // Start the second peer with the same authenticator as locator
-      props = new Properties();
-      props.setProperty(MCAST_PORT, "0");
-      props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
-      props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
-      props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
-
-      credentials = gen.getValidCredentials(7);
-      props.putAll(credentials);
-
-      createDS(peer2, props, null);
-      createDS(peer3, props, null);
-
-      // wait for view propagation
-      pause(2000);
-
-      // Verify the number of members on all peers and locator
-      locatorVM.invoke(() -> verifyMembers(4));
-      peer2.invoke(() -> verifyMembers(4));
-      peer3.invoke(() -> verifyMembers(4));
-
-      // Disconnect the peers
-      disconnectFromDS();
-      peer2.invoke(() -> disconnectFromDS());
-      peer3.invoke(() -> disconnectFromDS());
-
-    } finally {
-      locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
-    }
-  }
-
-  private void createDS(final VM peer2, final Properties props, final Properties javaProps) {
-    peer2.invoke(() -> createDS(props, javaProps));
-  }
-
-  private void startTheLocator(final Properties props, final Properties javaProps, final int port) {
-    locatorVM.invoke(() -> startLocator(getUniqueName(), port, props, javaProps, ignoredExceptions));
-  }
-
-  private static void createDS(final Properties props, final Properties javaProps) {
-    SecurityTestUtils tmpUtil = new SecurityTestUtils("tmp");
-    tmpUtil.createSystem(props, javaProps);
-  }
-
-  private static void verifyMembers(final int numExpectedMembers) {
-    DistributedSystem ds = InternalDistributedSystem.getAnyInstance();
-    MembershipManager mgr = MembershipManagerHelper.getMembershipManager(ds);
-    assertEquals(numExpectedMembers, mgr.getView().size());
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/PDXGfshPostProcessorOnRemoteServerTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/PDXGfshPostProcessorOnRemoteServerTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/PDXGfshPostProcessorOnRemoteServerTest.java
deleted file mode 100644
index 81b3add..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/PDXGfshPostProcessorOnRemoteServerTest.java
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static org.junit.Assert.*;
-
-import java.io.File;
-import java.util.Properties;
-import java.util.concurrent.TimeUnit;
-
-import com.jayway.awaitility.Awaitility;
-import org.apache.geode.security.templates.SampleSecurityManager;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.CacheFactory;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.RegionShortcut;
-import com.gemstone.gemfire.cache.server.CacheServer;
-import com.gemstone.gemfire.distributed.Locator;
-import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
-import com.gemstone.gemfire.internal.AvailablePortHelper;
-import com.gemstone.gemfire.internal.security.SecurityService;
-import com.gemstone.gemfire.management.ManagementService;
-import com.gemstone.gemfire.management.cli.Result.Status;
-import com.gemstone.gemfire.management.internal.cli.CliUtil;
-import com.gemstone.gemfire.management.internal.cli.HeadlessGfsh;
-import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
-import com.gemstone.gemfire.management.internal.cli.result.CommandResult;
-import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
-import com.gemstone.gemfire.pdx.SimpleClass;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-import com.gemstone.gemfire.test.dunit.Host;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class PDXGfshPostProcessorOnRemoteServerTest extends JUnit4DistributedTestCase {
-  protected static final String REGION_NAME = "AuthRegion";
-  protected VM locator = null;
-  protected VM server = null;
-
-  @Before
-  public void before() throws Exception {
-    final Host host = Host.getHost(0);
-    this.locator = host.getVM(0);
-    this.server = host.getVM(1);
-  }
-
-  @Test
-  public void testGfshCommand() throws Exception{
-    // set up locator with security
-    int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
-    int locatorPort = ports[0];
-    int jmxPort = ports[1];
-    locator.invoke(()->{
-      Properties props = new Properties();
-      props.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json");
-      props.setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
-      props.setProperty(MCAST_PORT, "0");
-      props.put(JMX_MANAGER, "true");
-      props.put(JMX_MANAGER_START, "true");
-      props.put(JMX_MANAGER_PORT, jmxPort+"");
-      props.setProperty(SECURITY_POST_PROCESSOR, PDXPostProcessor.class.getName());
-      Locator.startLocatorAndDS(locatorPort, new File("locator.log"), props);
-    });
-
-    // set up server with security
-    String locators = "localhost[" + locatorPort + "]";
-    server.invoke(()->{
-      Properties props = new Properties();
-      props.setProperty(MCAST_PORT, "0");
-      props.setProperty(LOCATORS, locators);
-      props.setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
-      props.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json");
-      props.setProperty(SECURITY_POST_PROCESSOR, PDXPostProcessor.class.getName());
-
-      // the following are needed for peer-to-peer authentication
-      props.setProperty(SECURITY_PEER_AUTH_INIT, UserPasswordAuthInit.class.getName());
-      props.setProperty("security-username", "super-user");
-      props.setProperty("security-password", "1234567");
-      InternalDistributedSystem ds = getSystem(props);
-
-      Cache cache = CacheFactory.create(ds);
-      Region region = cache.createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME);
-
-      CacheServer server = cache.addCacheServer();
-      server.setPort(0);
-      server.start();
-
-      for(int i=0; i<5; i++){
-        SimpleClass obj = new SimpleClass(i, (byte)i);
-        region.put("key"+i, obj);
-      }
-    });
-
-    // wait until the region bean is visible
-    locator.invoke(()->{
-      Awaitility.await().pollInterval(500, TimeUnit.MICROSECONDS).atMost(5, TimeUnit.SECONDS).until(()->{
-        Cache cache = CacheFactory.getAnyInstance();
-        Object bean = ManagementService.getManagementService(cache).getDistributedRegionMXBean("/"+REGION_NAME);
-        return bean != null;
-      });
-    });
-
-    // run gfsh command in this vm
-    CliUtil.isGfshVM = true;
-    String shellId = getClass().getSimpleName();
-    HeadlessGfsh gfsh = new HeadlessGfsh(shellId, 30, "gfsh_files");
-
-    // connect to the jmx server
-    final CommandStringBuilder connectCommand = new CommandStringBuilder(CliStrings.CONNECT);
-    connectCommand.addOption(CliStrings.CONNECT__USERNAME, "dataUser");
-    connectCommand.addOption(CliStrings.CONNECT__PASSWORD, "1234567");
-
-    String endpoint = "localhost[" + jmxPort + "]";
-    connectCommand.addOption(CliStrings.CONNECT__JMX_MANAGER, endpoint);
-
-    gfsh.executeCommand(connectCommand.toString());
-    CommandResult result = (CommandResult)gfsh.getResult();
-
-    // get command
-    gfsh.executeCommand("get --key=key1 --region=AuthRegion");
-    result = (CommandResult) gfsh.getResult();
-    assertEquals(result.getStatus(), Status.OK);
-    assertTrue(result.getContent().toString().contains(SimpleClass.class.getName()));
-
-    gfsh.executeCommand("query --query=\"select * from /AuthRegion\"");
-    result = (CommandResult)gfsh.getResult();
-
-    CliUtil.isGfshVM = false;
-    server.invoke(()-> {
-      PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
-      // verify that the post processor is called 6 times. (5 for the query, 1 for the get)
-      assertEquals(pp.getCount(), 6);
-    });
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessor.java b/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessor.java
deleted file mode 100644
index 0b03b66..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessor.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static org.junit.Assert.*;
-
-import java.util.Arrays;
-import java.util.Properties;
-
-import org.apache.geode.security.PostProcessor;
-
-import com.gemstone.gemfire.pdx.SimpleClass;
-import com.gemstone.gemfire.pdx.internal.PdxInstanceImpl;
-
-public class PDXPostProcessor implements PostProcessor{
-  public static byte[] BYTES = {1,0};
-
-  private boolean pdx = false;
-  private int count = 0;
-
-  public void init(Properties props){
-    pdx = Boolean.parseBoolean(props.getProperty("security-pdx"));
-    count = 0;
-  }
-  @Override
-  public Object processRegionValue(final Object principal,
-                                   final String regionName,
-                                   final Object key,
-                                   final Object value) {
-    count ++;
-    if(value instanceof byte[]){
-      assertTrue(Arrays.equals(BYTES, (byte[])value));
-    }
-    else if(pdx){
-      assertTrue(value instanceof PdxInstanceImpl);
-    }
-    else {
-      assertTrue(value instanceof SimpleClass);
-    }
-    return value;
-  }
-
-  public int getCount(){
-    return count;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessorDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessorDUnitTest.java
deleted file mode 100644
index 1e87952..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/PDXPostProcessorDUnitTest.java
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import static org.junit.Assert.*;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.concurrent.TimeUnit;
-
-import com.jayway.awaitility.Awaitility;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-
-import com.gemstone.gemfire.cache.EntryEvent;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.cache.query.SelectResults;
-import com.gemstone.gemfire.cache.util.CacheListenerAdapter;
-import com.gemstone.gemfire.internal.AvailablePortHelper;
-import com.gemstone.gemfire.internal.cache.EntryEventImpl;
-import com.gemstone.gemfire.internal.security.SecurityService;
-import com.gemstone.gemfire.management.cli.Result.Status;
-import com.gemstone.gemfire.management.internal.cli.CliUtil;
-import com.gemstone.gemfire.management.internal.cli.HeadlessGfsh;
-import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
-import com.gemstone.gemfire.management.internal.cli.result.CommandResult;
-import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
-import com.gemstone.gemfire.pdx.SimpleClass;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import com.gemstone.gemfire.test.junit.runners.CategoryWithParameterizedRunnerFactory;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-@RunWith(Parameterized.class)
-@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
-public class PDXPostProcessorDUnitTest extends AbstractSecureServerDUnitTest {
-  private static byte[] BYTES = PDXPostProcessor.BYTES;
-
-  @Parameterized.Parameters
-  public static Collection<Object[]> parameters(){
-    Object[][] params = {{true}, {false}};
-    return Arrays.asList(params);
-  }
-
-  public PDXPostProcessorDUnitTest(boolean pdxPersistent){
-    this.postProcessor = PDXPostProcessor.class;
-    this.pdxPersistent = pdxPersistent;
-    this.jmxPort = AvailablePortHelper.getRandomAvailableTCPPort();
-    values = new HashMap();
-  }
-
-  @Test
-  public void testRegionGet(){
-    client2.invoke(()->{
-      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-      // put in a value that's a domain object
-      region.put("key1", new SimpleClass(1, (byte) 1));
-      // put in a byte value
-      region.put("key2", BYTES);
-    });
-
-    client1.invoke(()->{
-      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-
-      // post process for get the client domain object
-      Object value = region.get("key1");
-      assertTrue(value instanceof SimpleClass);
-
-      // post process for get the raw byte value
-      value = region.get("key2");
-      assertTrue(Arrays.equals(BYTES, (byte[])value));
-    });
-
-    // this makes sure PostProcessor is getting called
-    PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
-    assertEquals(pp.getCount(), 2);
-  }
-
-  @Test
-  public void testQuery(){
-    client2.invoke(()->{
-      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-      // put in a value that's a domain object
-      region.put("key1", new SimpleClass(1, (byte) 1));
-      region.put("key2", BYTES);
-    });
-
-    client1.invoke(()->{
-      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-
-      // post process for query
-      String query = "select * from /AuthRegion";
-      SelectResults result = region.query(query);
-
-      Iterator itr = result.iterator();
-      while (itr.hasNext()) {
-        Object obj = itr.next();
-        if(obj instanceof byte[]){
-          assertTrue(Arrays.equals(BYTES, (byte[])obj));
-        }
-        else{
-          assertTrue(obj instanceof SimpleClass);
-        }
-      }
-    });
-
-    // this makes sure PostProcessor is getting called
-    PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
-    assertEquals(pp.getCount(), 2);
-  }
-
-  @Test
-  public void testRegisterInterest(){
-    client1.invoke(()->{
-      ClientCache cache = new ClientCacheFactory(createClientProperties("super-user", "1234567"))
-        .setPoolSubscriptionEnabled(true)
-        .addPoolServer("localhost", serverPort)
-        .create();
-
-      ClientRegionFactory factory =  cache.createClientRegionFactory(ClientRegionShortcut.PROXY);
-      factory.addCacheListener(new CacheListenerAdapter() {
-        @Override
-        public void afterUpdate(EntryEvent event) {
-          Object key = event.getKey();
-          Object value = ((EntryEventImpl) event).getDeserializedValue();
-          if(key.equals("key1")) {
-            assertTrue(value instanceof SimpleClass);
-          }
-          else if(key.equals("key2")){
-            assertTrue(Arrays.equals(BYTES, (byte[])value));
-          }
-        }
-      });
-
-      Region region = factory.create(REGION_NAME);
-      region.put("key1", "value1");
-      region.registerInterest("key1");
-      region.registerInterest("key2");
-    });
-
-    client2.invoke(()->{
-      ClientCache cache = createClientCache("dataUser", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-      // put in a value that's a domain object
-      region.put("key1", new SimpleClass(1, (byte) 1));
-      region.put("key2", BYTES);
-    });
-
-    // wait for events to fire
-    Awaitility.await().atMost(1, TimeUnit.SECONDS);
-    PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
-    assertEquals(pp.getCount(), 2);
-  }
-
-  @Test
-  public void testGfshCommand(){
-    // have client2 input some domain data into the region
-    client2.invoke(()->{
-      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-      // put in a value that's a domain object
-      region.put("key1", new SimpleClass(1, (byte) 1));
-      // put in a byte value
-      region.put("key2", BYTES);
-    });
-
-    client1.invoke(()->{
-      CliUtil.isGfshVM = true;
-      String shellId = getClass().getSimpleName();
-      HeadlessGfsh gfsh = new HeadlessGfsh(shellId, 30, "gfsh_files");
-
-      // connect to the jmx server
-      final CommandStringBuilder connectCommand = new CommandStringBuilder(CliStrings.CONNECT);
-      connectCommand.addOption(CliStrings.CONNECT__USERNAME, "dataUser");
-      connectCommand.addOption(CliStrings.CONNECT__PASSWORD, "1234567");
-
-      String endpoint = "localhost[" + jmxPort + "]";
-      connectCommand.addOption(CliStrings.CONNECT__JMX_MANAGER, endpoint);
-
-      gfsh.executeCommand(connectCommand.toString());
-      CommandResult result = (CommandResult) gfsh.getResult();
-
-      // get command
-      gfsh.executeCommand("get --key=key1 --region=AuthRegion");
-      result = (CommandResult) gfsh.getResult();
-      assertEquals(result.getStatus(), Status.OK);
-      if(pdxPersistent)
-        assertTrue(result.getContent().toString().contains("com.gemstone.gemfire.pdx.internal.PdxInstanceImpl"));
-      else
-        assertTrue(result.getContent().toString().contains("SimpleClass"));
-
-      gfsh.executeCommand("get --key=key2 --region=AuthRegion");
-      result = (CommandResult)gfsh.getResult();
-      assertEquals(result.getStatus(), Status.OK);
-      assertTrue(result.getContent().toString().contains("byte[]"));
-
-      gfsh.executeCommand("query --query=\"select * from /AuthRegion\"");
-      result = (CommandResult)gfsh.getResult();
-      System.out.println("gfsh result: " + result);
-    });
-
-    PDXPostProcessor pp = (PDXPostProcessor) SecurityService.getSecurityService().getPostProcessor();
-    assertEquals(pp.getCount(), 4);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/PostProcessorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/PostProcessorDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/PostProcessorDUnitTest.java
deleted file mode 100644
index 4a546e2..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/PostProcessorDUnitTest.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static org.junit.Assert.*;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.geode.security.templates.SamplePostProcessor;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.EntryEvent;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.cache.client.Pool;
-import com.gemstone.gemfire.cache.client.PoolManager;
-import com.gemstone.gemfire.cache.query.SelectResults;
-import com.gemstone.gemfire.cache.util.CacheListenerAdapter;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class PostProcessorDUnitTest extends AbstractSecureServerDUnitTest {
-
-  public PostProcessorDUnitTest(){
-    this.postProcessor = SamplePostProcessor.class;
-  }
-
-  @Test
-  public void testPostProcessRegionGet(){
-    List<String> keys = new ArrayList<>();
-    keys.add("key1");
-    keys.add("key2");
-
-    client1.invoke(()->{
-      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-
-      // post process for get
-      Object value = region.get("key3");
-      assertEquals("super-user/AuthRegion/key3/value3", value);
-
-      // post processs for getAll
-      Map values = region.getAll(keys);
-      assertEquals(2, values.size());
-      assertEquals("super-user/AuthRegion/key1/value1", values.get("key1"));
-      assertEquals("super-user/AuthRegion/key2/value2", values.get("key2"));
-    });
-  }
-
-  @Test
-  public void testPostProcessQuery(){
-    client1.invoke(()->{
-      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-
-      // post process for query
-      String query = "select * from /AuthRegion";
-      SelectResults result = region.query(query);
-      assertEquals(5, result.size());
-
-      assertTrue(result.contains("super-user/null/null/value0"));
-      assertTrue(result.contains("super-user/null/null/value1"));
-      assertTrue(result.contains("super-user/null/null/value2"));
-      assertTrue(result.contains("super-user/null/null/value3"));
-      assertTrue(result.contains("super-user/null/null/value4"));
-
-      Pool pool = PoolManager.find(region);
-      result =  (SelectResults)pool.getQueryService().newQuery(query).execute();
-      assertTrue(result.contains("super-user/null/null/value0"));
-      assertTrue(result.contains("super-user/null/null/value1"));
-      assertTrue(result.contains("super-user/null/null/value2"));
-      assertTrue(result.contains("super-user/null/null/value3"));
-      assertTrue(result.contains("super-user/null/null/value4"));
-    });
-  }
-
-  @Test
-  public void testRegisterInterestPostProcess(){
-    client1.invoke(()->{
-      ClientCache cache = new ClientCacheFactory(createClientProperties("super-user", "1234567"))
-        .setPoolSubscriptionEnabled(true)
-        .addPoolServer("localhost", serverPort)
-        .create();
-
-      ClientRegionFactory factory =  cache.createClientRegionFactory(ClientRegionShortcut.PROXY);
-      factory.addCacheListener(new CacheListenerAdapter() {
-        @Override
-        public void afterUpdate(EntryEvent event) {
-          assertEquals("super-user/AuthRegion/key1/value2", event.getSerializedNewValue().getDeserializedValue());
-        }
-      });
-
-      Region region = factory.create(REGION_NAME);
-      region.put("key1", "value1");
-      region.registerInterest("key1");
-    });
-
-    client2.invoke(()->{
-      ClientCache cache = createClientCache("dataUser", "1234567", serverPort);
-      Region region = cache.getRegion(REGION_NAME);
-      region.put("key1", "value2");
-    });
-  }
-
-}


[06/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/ClientMultiUserAuthzDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientMultiUserAuthzDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/ClientMultiUserAuthzDUnitTest.java
new file mode 100644
index 0000000..38f9988
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/ClientMultiUserAuthzDUnitTest.java
@@ -0,0 +1,345 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.execute.Function;
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.internal.cache.execute.PRClientServerTestBase;
+import com.gemstone.gemfire.internal.cache.functions.TestFunction;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class ClientMultiUserAuthzDUnitTest extends ClientAuthorizationTestCase {
+
+  @Override
+  public final void preTearDownClientAuthorizationTestBase() throws Exception {
+    closeCache();
+  }
+
+  /**
+   * Tests with one user authorized to do puts/gets/containsKey/destroys and
+   * another not authorized for the same.
+   */
+  @Test
+  public void testOps1() throws Exception {
+    for (Iterator<AuthzCredentialGenerator> iter = getDummyGeneratorCombos().iterator(); iter.hasNext();) {
+      AuthzCredentialGenerator gen = iter.next();
+      CredentialGenerator cGen = gen.getCredentialGenerator();
+      Properties extraAuthProps = cGen.getSystemProperties();
+      Properties javaProps = cGen.getJavaProperties();
+      Properties extraAuthzProps = gen.getSystemProperties();
+      String authenticator = cGen.getAuthenticator();
+      String authInit = cGen.getAuthInit();
+      String accessor = gen.getAuthorizationCallback();
+
+      getLogWriter().info("testOps1: Using authinit: " + authInit);
+      getLogWriter().info("testOps1: Using authenticator: " + authenticator);
+      getLogWriter().info("testOps1: Using accessor: " + accessor);
+
+      // Start servers with all required properties
+      Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
+
+      int port1 = createCacheServerOnVM(server1, javaProps, serverProps);
+      int port2 = createCacheServerOnVM(server2, javaProps, serverProps);
+
+      if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.PUT}, new OperationCode[] { OperationCode.GET, OperationCode.GET}, javaProps, authInit, port1, port2)) {
+        continue;
+      }
+
+      verifyPutsGets();
+
+      if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] { OperationCode.DESTROY, OperationCode.DESTROY}, javaProps, authInit, port1, port2)) {
+        continue;
+      }
+
+      verifyContainsKeyDestroys();
+
+      if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] { OperationCode.INVALIDATE, OperationCode.INVALIDATE}, javaProps, authInit, port1, port2)) {
+        continue;
+      }
+
+      verifyContainsKeyInvalidates();
+
+      if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.GET, OperationCode.GET}, new OperationCode[] { OperationCode.REGION_DESTROY, OperationCode.REGION_DESTROY}, javaProps, authInit, port1, port2)) {
+        continue;
+      }
+
+      verifyGetAllInTX();
+      verifyGetAllRegionDestroys();
+    }
+  }
+
+  /**
+   * Test query/function execute
+   */
+  @Test
+  public void testOps2() throws Exception {
+    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+    CredentialGenerator cGen = gen.getCredentialGenerator();
+    Properties extraAuthProps = cGen.getSystemProperties();
+    Properties javaProps = cGen.getJavaProperties();
+    Properties extraAuthzProps = gen.getSystemProperties();
+    String authenticator = cGen.getAuthenticator();
+    String authInit = cGen.getAuthInit();
+    String accessor = gen.getAuthorizationCallback();
+
+    getLogWriter().info("testOps2: Using authinit: " + authInit);
+    getLogWriter().info("testOps2: Using authenticator: " + authenticator);
+    getLogWriter().info("testOps2: Using accessor: " + accessor);
+
+    // Start servers with all required properties
+    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
+
+    int port1 = createCacheServerOnVM(server1, javaProps, serverProps);
+    int port2 = createCacheServerOnVM(server2, javaProps, serverProps);
+
+    // Start client1 with valid/invalid QUERY credentials
+    Properties[] client1Credentials = new Properties[] {
+        gen.getAllowedCredentials(new OperationCode[] {OperationCode.PUT, OperationCode.QUERY}, new String[] {regionName}, 1),
+        gen.getDisallowedCredentials(new OperationCode[] {OperationCode.PUT, OperationCode.QUERY}, new String[] {regionName}, 1)
+    };
+
+    javaProps = cGen.getJavaProperties();
+    getLogWriter().info("testOps2: For first client credentials: " + client1Credentials[0] + "\n" + client1Credentials[1]);
+
+    final Properties finalJavaProps = javaProps;
+    client1.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client1Credentials, finalJavaProps, new int[] {port1, port2}, -1, false, NO_EXCEPTION));
+
+    // Start client2 with valid/invalid EXECUTE_FUNCTION credentials
+    Properties[] client2Credentials = new Properties[] {
+        gen.getAllowedCredentials(new OperationCode[] {OperationCode.EXECUTE_FUNCTION}, new String[] {regionName}, 2),
+        gen.getDisallowedCredentials(new OperationCode[] {OperationCode.EXECUTE_FUNCTION}, new String[] {regionName}, 9)
+    };
+
+    javaProps = cGen.getJavaProperties();
+    getLogWriter().info("testOps2: For second client credentials: " + client2Credentials[0] + "\n" + client2Credentials[1]);
+
+    final Properties finalJavaProps2 = javaProps;
+    client2.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client2Credentials, finalJavaProps2, new int[] {port1, port2}, -1, false, NO_EXCEPTION));
+
+    Function function = new TestFunction(true,TestFunction.TEST_FUNCTION1);
+
+    server1.invoke(() -> PRClientServerTestBase.registerFunction(function));
+
+    server2.invoke(() -> PRClientServerTestBase.registerFunction(function));
+
+    // Perform some put operations before verifying queries
+    client1.invoke(() -> doMultiUserPuts(4, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
+    client1.invoke(() -> doMultiUserQueries(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4));
+    client1.invoke(() -> doMultiUserQueryExecute(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4));
+
+    // Verify that the FE succeeds/fails
+    client2.invoke(() ->doMultiUserFE(2, function, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, false));
+
+    // Failover
+    server1.invoke(() -> closeCache());
+    Thread.sleep(2000);
+
+    client1.invoke(() -> doMultiUserPuts(4, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
+
+    client1.invoke(() -> doMultiUserQueries(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4));
+    client1.invoke(() -> doMultiUserQueryExecute(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4));
+
+    // Verify that the FE succeeds/fails
+    client2.invoke(() -> doMultiUserFE(2, function, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, true));
+  }
+
+  @Test
+  public void testOpsWithClientsInDifferentModes() throws Exception {
+    for (Iterator<AuthzCredentialGenerator> iter = getDummyGeneratorCombos().iterator(); iter.hasNext();) {
+      AuthzCredentialGenerator gen = iter.next();
+      CredentialGenerator cGen = gen.getCredentialGenerator();
+      Properties extraAuthProps = cGen.getSystemProperties();
+      Properties javaProps = cGen.getJavaProperties();
+      Properties extraAuthzProps = gen.getSystemProperties();
+      String authenticator = cGen.getAuthenticator();
+      String authInit = cGen.getAuthInit();
+      String accessor = gen.getAuthorizationCallback();
+
+      getLogWriter().info("testOpsWithClientsInDifferentModes: Using authinit: " + authInit);
+      getLogWriter().info("testOpsWithClientsInDifferentModes: Using authenticator: " + authenticator);
+      getLogWriter().info("testOpsWithClientsInDifferentModes: Using accessor: " + accessor);
+
+      // Start servers with all required properties
+      Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
+
+      int port1 = createCacheServerOnVM(server1, javaProps, serverProps);
+      int port2 = createCacheServerOnVM(server2, javaProps, serverProps);
+
+      if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.PUT}, new OperationCode[] { OperationCode.GET, OperationCode.GET}, javaProps, authInit, port1, port2, false, true)) {
+        continue;
+      }
+
+      verifyPutsGets(false, true);
+
+      if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] { OperationCode.DESTROY, OperationCode.DESTROY}, javaProps, authInit, port1, port2, false, false)) {
+        continue;
+      }
+
+      verifyContainsKeyDestroys(false, false);
+    }
+  }
+
+  private boolean prepareClientsForOps(final AuthzCredentialGenerator gen, final CredentialGenerator cGen, final OperationCode[] client1OpCodes, final OperationCode[] client2OpCodes, final Properties javaProps, final String authInit, final int port1, final int port2) {
+    return prepareClientsForOps(gen, cGen, client1OpCodes, client2OpCodes, javaProps, authInit, port1, port2, true /* both clients in multiuser mode */, false /* unused */);
+  }
+
+  private boolean prepareClientsForOps(final AuthzCredentialGenerator gen, final CredentialGenerator cGen, final OperationCode[] client1OpCodes, final OperationCode[] client2OpCodes, Properties javaProps, final String authInit, final int port1, final int port2, final boolean bothClientsInMultiuserMode, final boolean allowOp) {
+    // Start client1 with valid/invalid client1OpCodes credentials
+    Properties[] client1Credentials = new Properties[] { gen.getAllowedCredentials(client1OpCodes, new String[] {regionName}, 1), gen.getDisallowedCredentials(new OperationCode[] {client1OpCodes[1]}, new String[] {regionName}, 1)};
+
+    if (client1Credentials[0] == null || client1Credentials[0].size() == 0) {
+      getLogWriter().info("testOps1: Unable to obtain valid credentials with " + client1OpCodes[0].toString() + " permission; skipping this combination.");
+      return false;
+    }
+
+    if (client1Credentials[1] == null || client1Credentials[1].size() == 0) {
+      getLogWriter().info("testOps1: Unable to obtain valid credentials with no " + client1OpCodes[0].toString() + " permission; skipping this combination.");
+      return false;
+    }
+
+    javaProps = cGen.getJavaProperties();
+    getLogWriter().info("testOps1: For first client credentials: " + client1Credentials[0] + "\n" + client1Credentials[1]);
+    final Properties finalJavaProps = javaProps;
+
+    client1.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client1Credentials, finalJavaProps, new int[] {port1, port2}, -1, false, NO_EXCEPTION));
+
+    // Start client2 with valid/invalid client2OpCodes credentials
+    Properties[] client2Credentials = new Properties[] { gen.getAllowedCredentials(client2OpCodes, new String[] {regionName}, 2), gen.getDisallowedCredentials(client2OpCodes, new String[] {regionName}, 9)};
+
+    if (client2Credentials[0] == null || client2Credentials[0].size() == 0) {
+      getLogWriter().info("testOps1: Unable to obtain valid credentials with " + client2OpCodes[0].toString() + " permission; skipping this combination.");
+      return false;
+    }
+
+    if (client2Credentials[1] == null || client2Credentials[1].size() == 0) {
+      getLogWriter().info("testOps1: Unable to obtain valid credentials with no " + client2OpCodes[0].toString() + " permission; skipping this combination.");
+      return false;
+    }
+
+    javaProps = cGen.getJavaProperties();
+    getLogWriter().info("testOps1: For second client credentials: " + client2Credentials[0] + "\n" + client2Credentials[1]);
+
+    if (bothClientsInMultiuserMode) {
+      final Properties finalJavaProps2 = javaProps;
+      client2.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client2Credentials, finalJavaProps2, new int[] {port1, port2}, -1, false, NO_EXCEPTION));
+
+    } else {
+      int credentialsIndex = allowOp ? 0 : 1;
+      final Properties finalJavaProps2 = javaProps;
+      client2.invoke(() -> createCacheClient(authInit, client2Credentials[credentialsIndex], finalJavaProps2, new int[] {port1, port2}, -1, false, false, NO_EXCEPTION));
+    }
+
+    return true;
+  }
+
+  private void verifyPutsGets() throws Exception {
+    verifyPutsGets(true, false /*unused */);
+  }
+
+  private void verifyPutsGets(final boolean isMultiuser, final boolean opAllowed) throws Exception {
+    // Perform some put operations from client1
+    client1.invoke(() -> doMultiUserPuts(2, 2, new int[] { NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
+
+    // Verify that the gets succeed/fail
+    if (isMultiuser) {
+      client2.invoke(() -> doMultiUserGets(2, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
+
+    } else {
+      int expectedResult = (opAllowed) ? NO_EXCEPTION : NOTAUTHZ_EXCEPTION;
+      client2.invoke(() -> doMultiUserGets(1, 1, new int[] {expectedResult}));
+    }
+  }
+
+  private void verifyContainsKeyDestroys() throws Exception {
+    verifyContainsKeyDestroys(true, false /* unused */);
+  }
+
+  private void verifyContainsKeyDestroys(final boolean isMultiUser, final boolean opAllowed) throws Exception {
+    // Do puts before verifying containsKey
+    client1.invoke(() -> doMultiUserPuts(2, 2, new int[] {NO_EXCEPTION, NO_EXCEPTION}));
+    client1.invoke(() -> doMultiUserContainsKeys(1, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, new boolean[] {true, false}));
+
+    // Verify that the destroys succeed/fail
+    if (isMultiUser) {
+      client2.invoke(() -> doMultiUserDestroys(2, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
+
+    } else {
+      int expectedResult = (opAllowed) ? NO_EXCEPTION : NOTAUTHZ_EXCEPTION;
+      client2.invoke(() -> doMultiUserDestroys(1, 1, new int[] {expectedResult}));
+    }
+  }
+
+  private void verifyContainsKeyInvalidates() throws Exception {
+    verifyContainsKeyInvalidates(true, false /* unused */);
+  }
+
+  private void verifyContainsKeyInvalidates(final boolean isMultiUser, final boolean opAllowed) throws Exception {
+    // Do puts before verifying containsKey
+    client1.invoke(() -> doMultiUserPuts(2, 2, new int[] {NO_EXCEPTION, NO_EXCEPTION}));
+    client1.invoke(() -> doMultiUserContainsKeys(1, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, new boolean[] {true, false}));
+
+    // Verify that the invalidates succeed/fail
+    if (isMultiUser) {
+      client2.invoke(() -> doMultiUserInvalidates(2, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
+
+    } else {
+      int expectedResult = (opAllowed) ? NO_EXCEPTION : NOTAUTHZ_EXCEPTION;
+      client2.invoke(() -> doMultiUserInvalidates(1, 1, new int[] {expectedResult}));
+    }
+  }
+
+  private void verifyGetAllInTX() {
+    server1.invoke(() -> doPuts());
+    client1.invoke(() -> doMultiUserGetAll(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, true/*use TX*/));
+  }
+
+  private void verifyGetAllRegionDestroys() {
+    server1.invoke(() -> doPuts());
+    client1.invoke(() -> doMultiUserGetAll(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
+
+    // Verify that the region destroys succeed/fail
+    client2.invoke(() -> doMultiUserRegionDestroys(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
+  }
+
+  private void doPuts() {
+    Region region = GemFireCacheImpl.getInstance().getRegion(REGION_NAME);
+    region.put("key1", "value1");
+    region.put("key2", "value2");
+  }
+
+  private int createCacheServerOnVM(final VM server, final Properties javaProps, final Properties serverProps) {
+    return server.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), serverProps, javaProps));
+  }
+}
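Review bot: Both loop-driven tests can finish without asserting anything, because every `continue` after a `false` return from `prepareClientsForOps` silently skips that generator combination. If credentials cannot be obtained for any combination, `testOps1` and `testOpsWithClientsInDifferentModes` still pass although no authorization decision was checked. Count the combinations that reach `verifyPutsGets()` and end each test with `assertTrue("no generator combination was exercised", exercised > 0);` (this file has no assertion import yet, so one would be needed). The skip messages in `prepareClientsForOps` are also hard to act on: all are prefixed `testOps1:` regardless of the caller, and the client1 disallowed-credentials message prints `client1OpCodes[0]` although those credentials were requested for `client1OpCodes[1]`.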

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/DeltaClientAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/DeltaClientAuthorizationDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/DeltaClientAuthorizationDUnitTest.java
new file mode 100644
index 0000000..0efd3d6
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/DeltaClientAuthorizationDUnitTest.java
@@ -0,0 +1,201 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.createCacheClient;
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static com.gemstone.gemfire.test.dunit.Assert.*;
+import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
+
+import java.util.Properties;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.DeltaTestImpl;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.internal.cache.PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+/**
+ * @since GemFire 6.1
+ */
+@Category({ DistributedTest.class, SecurityTest.class })
+public final class DeltaClientAuthorizationDUnitTest extends ClientAuthorizationTestCase {
+
+  private DeltaTestImpl[] deltas = new DeltaTestImpl[8];
+
+  @Override
+  protected final void preSetUpClientAuthorizationTestBase() throws Exception {
+    setUpDeltas();
+  }
+
+  @Override
+  public final void preTearDownClientAuthorizationTestBase() throws Exception {
+    closeCache();
+  }
+
+  @Test
+  public void testAllowPutsGets() throws Exception {
+    AuthzCredentialGenerator gen = this.getXmlAuthzGenerator();
+    CredentialGenerator cGen = gen.getCredentialGenerator();
+
+    Properties extraAuthProps = cGen.getSystemProperties();
+    Properties javaProps = cGen.getJavaProperties();
+    Properties extraAuthzProps = gen.getSystemProperties();
+
+    String authenticator = cGen.getAuthenticator();
+    String authInit = cGen.getAuthInit();
+    String accessor = gen.getAuthorizationCallback();
+
+    getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit);
+    getLogWriter().info("testAllowPutsGets: Using authenticator: " + authenticator);
+    getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor);
+
+    // Start servers with all required properties
+    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
+
+    int port1 = createServer1(javaProps, serverProps);
+    int port2 = createServer2(javaProps, serverProps);
+
+    // Start client1 with valid CREATE credentials
+    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { REGION_NAME }, 1);
+    javaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testAllowPutsGets: For first client credentials: " + createCredentials);
+
+    createClient1(javaProps, authInit, port1, port2, createCredentials);
+
+    // Start client2 with valid GET credentials
+    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { REGION_NAME }, 2);
+    javaProps = cGen.getJavaProperties();
+
+    getLogWriter().info("testAllowPutsGets: For second client credentials: " + getCredentials);
+
+    createClient2(javaProps, authInit, port1, port2, getCredentials);
+
+    // Perform some put operations from client1
+    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
+
+    Thread.sleep(5000);
+    assertTrue("Delta feature NOT used", client1.invoke(() -> DeltaTestImpl.toDeltaFeatureUsed()));
+
+    // Verify that the gets succeed
+    client2.invoke(() -> doGets(2, NO_EXCEPTION));
+  }
+
+  private void createClient2(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties getCredentials) {
+    client2.invoke(() -> createCacheClient(authInit, getCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
+  }
+
+  private void createClient1(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties createCredentials) {
+    client1.invoke(() -> createCacheClient(authInit, createCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
+  }
+
+  private int createServer2(final Properties javaProps, final Properties serverProps) {
+    return server2.invoke(() -> createCacheServer(getLocatorPort(), serverProps, javaProps));
+  }
+
+  private int createServer1(final Properties javaProps, final Properties serverProps) {
+    return server1.invoke(() -> createCacheServer(getLocatorPort(), serverProps, javaProps));
+  }
+
+  private void doPuts(final int num, final int expectedResult) {
+    assertTrue(num <= KEYS.length);
+    Region region = getCache().getRegion(REGION_NAME);
+    assertNotNull(region);
+    for (int index = 0; index < num; ++index) {
+      region.put(KEYS[index], deltas[0]);
+    }
+    for (int index = 0; index < num; ++index) {
+      region.put(KEYS[index], deltas[index]);
+      if (expectedResult != NO_EXCEPTION) {
+        fail("Expected a NotAuthorizedException while doing puts");
+      }
+    }
+  }
+
+  private void doGets(final int num, final int expectedResult) {
+    assertTrue(num <= KEYS.length);
+
+    Region region = getCache().getRegion(REGION_NAME);
+    assertNotNull(region);
+
+    for (int index = 0; index < num; ++index) {
+      region.localInvalidate(KEYS[index]);
+      Object value = region.get(KEYS[index]);
+      if (expectedResult != NO_EXCEPTION) {
+        fail("Expected a NotAuthorizedException while doing gets");
+      }
+      assertNotNull(value);
+      assertEquals(deltas[index], value);
+    }
+  }
+
+  private final void setUpDeltas() {
+    for (int i = 0; i < 8; i++) {
+      deltas[i] = new DeltaTestImpl(0, "0", new Double(0), new byte[0], new TestObject1("0", 0));
+    }
+    deltas[1].setIntVar(5);
+    deltas[2].setIntVar(5);
+    deltas[3].setIntVar(5);
+    deltas[4].setIntVar(5);
+    deltas[5].setIntVar(5);
+    deltas[6].setIntVar(5);
+    deltas[7].setIntVar(5);
+
+    deltas[2].resetDeltaStatus();
+    deltas[2].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+    deltas[3].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+    deltas[4].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+    deltas[5].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+    //deltas[6].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+    //deltas[7].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+
+    deltas[3].resetDeltaStatus();
+    deltas[3].setDoubleVar(new Double(5));
+    deltas[4].setDoubleVar(new Double(5));
+    deltas[5].setDoubleVar(new Double(5));
+    deltas[6].setDoubleVar(new Double(5));
+    deltas[7].setDoubleVar(new Double(5));
+
+    deltas[4].resetDeltaStatus();
+    deltas[4].setStr("str changed");
+    deltas[5].setStr("str changed");
+    deltas[6].setStr("str changed");
+    //deltas[7].setStr("str changed");
+
+    deltas[5].resetDeltaStatus();
+    deltas[5].setIntVar(100);
+    deltas[5].setTestObj(new TestObject1("CHANGED", 100));
+    deltas[6].setTestObj(new TestObject1("CHANGED", 100));
+    deltas[7].setTestObj(new TestObject1("CHANGED", 100));
+
+    deltas[6].resetDeltaStatus();
+    deltas[6].setByteArr(new byte[] { 1, 2, 3 });
+    deltas[7].setByteArr(new byte[] { 1, 2, 3 });
+
+    deltas[7].resetDeltaStatus();
+    deltas[7].setStr("delta string");
+  }
+}
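Review bot: The `expectedResult` parameter of `doPuts` and `doGets` suggests a denial path that the helpers do not implement. Neither wraps the `region.put` / `region.get` call in a try/catch, so a rejected operation would presumably propagate as an exception and never be matched against `expectedResult`; the `fail("Expected a NotAuthorizedException ...")` branch only fires when an operation that should have been refused succeeds. The only caller, `testAllowPutsGets`, passes `NO_EXCEPTION`, so as far as this hunk shows the class checks that authorized delta puts and gets succeed but never that an unauthorized one is refused. I would document that on both helpers, e.g. `// only NO_EXCEPTION is supported: a denied operation throws from the region call and is not caught here`. A companion test built on `gen.getDisallowedCredentials(...)` would be a worthwhile follow-up.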

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/DeltaClientPostAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/DeltaClientPostAuthorizationDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/DeltaClientPostAuthorizationDUnitTest.java
new file mode 100644
index 0000000..ff8d23d
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/DeltaClientPostAuthorizationDUnitTest.java
@@ -0,0 +1,284 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static com.gemstone.gemfire.test.dunit.Assert.*;
+import static com.gemstone.gemfire.test.dunit.IgnoredException.*;
+import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+import java.util.Random;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.DeltaTestImpl;
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.internal.AvailablePortHelper;
+import com.gemstone.gemfire.internal.cache.PartitionedRegionLocalMaxMemoryDUnitTest;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+/**
+ * @since GemFire 6.1
+ */
+@Category({ DistributedTest.class, SecurityTest.class })
+public class DeltaClientPostAuthorizationDUnitTest extends ClientAuthorizationTestCase {
+
+  private static final int PAUSE = 5 * 1000; // TODO: replace with Awaitility
+
+  private DeltaTestImpl[] deltas = new DeltaTestImpl[8];
+
+  @Override
+  public final void preSetUpClientAuthorizationTestBase() throws Exception {
+    setUpDeltas();
+    addIgnoredException("Unexpected IOException");
+    addIgnoredException("SocketException");
+  }
+
+  @Override
+  public final void preTearDownClientAuthorizationTestBase() throws Exception {
+    closeCache();
+  }
+
+  @Test
+  public void testPutPostOpNotifications() throws Exception {
+    OperationWithAction[] allOps = allOps();
+
+    AuthzCredentialGenerator gen = this.getXmlAuthzGenerator();
+    CredentialGenerator cGen = gen.getCredentialGenerator();
+    Properties extraAuthProps = cGen.getSystemProperties();
+    Properties javaProps = cGen.getJavaProperties();
+    Properties extraAuthzProps = gen.getSystemProperties();
+    String authenticator = cGen.getAuthenticator();
+    String authInit = cGen.getAuthInit();
+    String accessor = gen.getAuthorizationCallback();
+    TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
+
+    getLogWriter().info("testAllOpsNotifications: Using authinit: " + authInit);
+    getLogWriter().info("testAllOpsNotifications: Using authenticator: " + authenticator);
+    getLogWriter().info("testAllOpsNotifications: Using accessor: " + accessor);
+
+    // Start servers with all required properties
+    Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
+
+    // Get ports for the servers
+    int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(2);
+    int port1 = randomAvailableTCPPorts[0];
+    int port2 = randomAvailableTCPPorts[1];
+
+    // Perform all the ops on the clients
+    List opBlock = new ArrayList();
+    Random rnd = new Random();
+
+    for (int opNum = 0; opNum < allOps.length; ++opNum) {
+      // Start client with valid credentials as specified in OperationWithAction
+      OperationWithAction currentOp = allOps[opNum];
+      if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+
+        // End of current operation block; execute all the operations on the servers with failover
+        if (opBlock.size() > 0) {
+          // Start the first server and execute the operation block
+          server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port1, serverProps, javaProps ));
+          server2.invoke(() -> closeCache());
+
+          executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
+
+          if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+            // Failover to the second server and run the block again
+            server2.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port2, serverProps, javaProps ));
+            server1.invoke(() -> closeCache());
+
+            executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
+          }
+
+          opBlock.clear();
+        }
+
+      } else {
+        currentOp.setOpNum(opNum);
+        opBlock.add(currentOp);
+      }
+    }
+  }
+
+  @Override
+  protected final void executeOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final TestCredentialGenerator credentialGenerator, final Random random) throws InterruptedException {
+    for (Iterator<OperationWithAction> opIter = opBlock.iterator(); opIter.hasNext();) {
+      // Start client with valid credentials as specified in OperationWithAction
+      OperationWithAction currentOp = opIter.next();
+      OperationCode opCode = currentOp.getOperationCode();
+      int opFlags = currentOp.getFlags();
+      int clientNum = currentOp.getClientNum();
+      VM clientVM = null;
+      boolean useThisVM = false;
+
+      switch (clientNum) {
+        case 1:
+          clientVM = client1;
+          break;
+        case 2:
+          clientVM = client2;
+          break;
+        case 3:
+          useThisVM = true;
+          break;
+        default:
+          fail("executeOpBlock: Unknown client number " + clientNum);
+          break;
+      }
+
+      getLogWriter().info("executeOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);
+
+      if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
+        Properties opCredentials;
+        int newRnd = random.nextInt(100) + 1;
+        String currentRegionName = '/' + regionName;
+        if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
+          currentRegionName += ('/' + SUBREGION_NAME);
+        }
+
+        String credentialsTypeStr;
+        OperationCode authOpCode = currentOp.getAuthzOperationCode();
+        int[] indices = currentOp.getIndices();
+        CredentialGenerator cGen = credentialGenerator.getCredentialGenerator();
+        final Properties javaProps = cGen == null ? null : cGen.getJavaProperties();
+
+        if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0) {
+          opCredentials = credentialGenerator.getDisallowedCredentials(new OperationCode[] { authOpCode }, new String[] { currentRegionName }, indices, newRnd);
+          credentialsTypeStr = " unauthorized " + authOpCode;
+
+        } else {
+          opCredentials = credentialGenerator.getAllowedCredentials(new OperationCode[] {opCode, authOpCode }, new String[] { currentRegionName }, indices, newRnd);
+          credentialsTypeStr = " authorized " + authOpCode;
+        }
+
+        Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
+
+        // Start the client with valid credentials but allowed or disallowed to perform an operation
+        getLogWriter().info("executeOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
+        boolean setupDynamicRegionFactory = (opFlags & OpFlags.ENABLE_DRF) > 0;
+        if (useThisVM) {
+          createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION);
+
+        } else {
+          clientVM.invoke(() -> createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION));
+        }
+      }
+
+      int expectedResult;
+      if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
+        expectedResult = NOTAUTHZ_EXCEPTION;
+      } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
+        expectedResult = OTHER_EXCEPTION;
+      } else {
+        expectedResult = NO_EXCEPTION;
+      }
+
+      // Perform the operation from selected client
+      if (useThisVM) {
+        doOp(opCode, currentOp.getIndices(), new Integer(
+            opFlags), new Integer(expectedResult));
+      }
+      else {
+        int[] indices = currentOp.getIndices();
+        clientVM.invoke(() -> DeltaClientPostAuthorizationDUnitTest.doOp(opCode,
+                indices, new Integer(opFlags),
+                new Integer(expectedResult) ));
+      }
+    }
+  }
+
+  private void setUpDeltas() {
+    for (int i = 0; i < 8; i++) {
+      deltas[i] = new DeltaTestImpl(0, "0", new Double(0), new byte[0], new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("0", 0));
+    }
+    deltas[1].setIntVar(5);
+    deltas[2].setIntVar(5);
+    deltas[3].setIntVar(5);
+    deltas[4].setIntVar(5);
+    deltas[5].setIntVar(5);
+    deltas[6].setIntVar(5);
+    deltas[7].setIntVar(5);
+
+    deltas[2].resetDeltaStatus();
+    deltas[2].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+    deltas[3].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+    deltas[4].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+    deltas[5].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+    //deltas[6].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+    //deltas[7].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+
+    deltas[3].resetDeltaStatus();
+    deltas[3].setDoubleVar(new Double(5));
+    deltas[4].setDoubleVar(new Double(5));
+    deltas[5].setDoubleVar(new Double(5));
+    deltas[6].setDoubleVar(new Double(5));
+    deltas[7].setDoubleVar(new Double(5));
+
+    deltas[4].resetDeltaStatus();
+    deltas[4].setStr("str changed");
+    deltas[5].setStr("str changed");
+    deltas[6].setStr("str changed");
+    //deltas[7].setStr("str changed");
+
+    deltas[5].resetDeltaStatus();
+    deltas[5].setIntVar(100);
+    deltas[5].setTestObj(new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("CHANGED", 100));
+    deltas[6].setTestObj(new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("CHANGED", 100));
+    deltas[7].setTestObj(new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("CHANGED", 100));
+
+    deltas[6].resetDeltaStatus();
+    deltas[6].setByteArr(new byte[] { 1, 2, 3 });
+    deltas[7].setByteArr(new byte[] { 1, 2, 3 });
+
+    deltas[7].resetDeltaStatus();
+    deltas[7].setStr("delta string");
+  }
+
+  private OperationWithAction[] allOps() {
+    return new OperationWithAction[] {
+        // Test CREATE and verify with a GET
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE, 8),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 3, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
+        new OperationWithAction(OperationCode.PUT),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.CHECK_FAIL, 4),
+
+        // OPBLOCK_END indicates end of an operation block that needs to be executed on each server when doing failover
+        OperationWithAction.OPBLOCK_END,
+
+        // Test UPDATE and verify with a GET
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE, 8),
+        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 3, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
+        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
+        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL, 4),
+        new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL | OpFlags.CHECK_FAIL, 4),
+
+        OperationWithAction.OPBLOCK_END
+    };
+  }
+}
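Review bot: The info log in `executeOpBlock` that ends with `" credentials: " + opCredentials` writes the whole credentials `Properties` object to the DUnit log. Those properties presumably hold the generated user name and password, so even for test accounts it is better to log which kind of credentials was chosen rather than their values, for example `getLogWriter().info("executeOpBlock: For client" + clientNum + " using" + credentialsTypeStr + " credentials");`. Separately, the three log lines in `testPutPostOpNotifications` are prefixed `testAllOpsNotifications`, which makes the output hard to match to this test. `PAUSE` is declared but never used in this file, and `opBlock` is a raw `List` that is passed to a parameter typed `List<OperationWithAction>`.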

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/GemFireSecurityExceptionTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/GemFireSecurityExceptionTest.java b/geode-core/src/test/java/org/apache/geode/security/GemFireSecurityExceptionTest.java
new file mode 100644
index 0000000..5aa01ff
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/GemFireSecurityExceptionTest.java
@@ -0,0 +1,169 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.googlecode.catchexception.CatchException.*;
+import static org.assertj.core.api.Assertions.*;
+
+import java.io.NotSerializableException;
+import java.io.Serializable;
+import javax.naming.NamingException;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TestName;
+
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
+/**
+ * Unit tests for {@link GemFireSecurityException}.
+ */
+@Category({ UnitTest.class, SecurityTest.class })
+public class GemFireSecurityExceptionTest {
+
+  private String message;
+  private String causeMessage;
+  private Object nonSerializableResolvedObj;
+  private NamingException nonSerializableNamingException;
+  private SerializableObject serializableResolvedObj;
+  private NamingException serializableNamingException;
+
+  @Rule
+  public TestName testName = new TestName();
+
+  @Before
+  public void setUp() throws Exception {
+    this.message = testName.getMethodName() + " message";
+    this.causeMessage = testName.getMethodName() + " cause message";
+
+    this.nonSerializableResolvedObj = new Object();
+    this.nonSerializableNamingException = new NamingException(this.causeMessage);
+    this.nonSerializableNamingException.setResolvedObj(this.nonSerializableResolvedObj);
+
+    this.serializableResolvedObj = new SerializableObject(this.testName.getMethodName());
+    this.serializableNamingException = new NamingException(this.causeMessage);
+    this.serializableNamingException.setResolvedObj(this.serializableResolvedObj);
+
+    assertPreConditions();
+  }
+
+  private void assertPreConditions() {
+    catchException(this).clone(this.nonSerializableNamingException);
+    assertThat((Throwable)caughtException()).isNotNull();
+    assertThat((Throwable)caughtException().getCause()).isInstanceOf(NotSerializableException.class);
+
+    catchException(this).clone(this.serializableNamingException);
+    assertThat((Throwable)caughtException()).isNull();
+
+    assertThat(this.nonSerializableResolvedObj).isNotInstanceOf(Serializable.class);
+
+    catchException(this).clone(this.serializableResolvedObj);
+    assertThat((Throwable)caughtException()).isNull();
+  }
+
+  @Test
+  public void isSerializable() throws Exception {
+    assertThat(GemFireSecurityException.class).isInstanceOf(Serializable.class);
+  }
+
+  @Test
+  public void serializes() throws Exception {
+    GemFireSecurityException instance = new GemFireSecurityException(this.message);
+
+    GemFireSecurityException cloned = (GemFireSecurityException) SerializationUtils.clone(instance);
+
+    assertThat(cloned).hasMessage(this.message);
+  }
+
+  @Test
+  public void serializesWithThrowable() throws Exception {
+    Throwable cause = new Exception(this.causeMessage);
+    GemFireSecurityException instance = new GemFireSecurityException(this.message, cause);
+
+    GemFireSecurityException cloned = (GemFireSecurityException) SerializationUtils.clone(instance);
+
+    assertThat(cloned).hasMessage(this.message).hasCause(cause);
+    assertThat(cloned.getCause()).hasMessage(this.causeMessage);
+  }
+
+  @Test
+  public void serializesWithNonSerializableNamingException() throws Exception {
+    GemFireSecurityException instance = new GemFireSecurityException(this.message, this.nonSerializableNamingException);
+
+    GemFireSecurityException cloned = (GemFireSecurityException) SerializationUtils.clone(instance);
+
+    assertThat(cloned).hasMessage(this.message).hasCause(this.nonSerializableNamingException);
+    NamingException cause = (NamingException) cloned.getCause();
+    assertThat(cause).hasMessage(this.causeMessage);
+    assertThat(cause.getResolvedObj()).isNull();
+  }
+
+  @Test
+  public void serializesWithSerializableNamingException() throws Exception {
+    GemFireSecurityException instance = new GemFireSecurityException(this.message, this.serializableNamingException);
+
+    GemFireSecurityException cloned = (GemFireSecurityException) SerializationUtils.clone(instance);
+
+    assertThat(cloned).hasMessage(this.message).hasCause(this.serializableNamingException);
+    NamingException cause = (NamingException) cloned.getCause();
+    assertThat(cause).hasMessage(this.causeMessage);
+    assertThat(cause.getResolvedObj()).isNotNull().isEqualTo(this.serializableResolvedObj);
+  }
+
+  @Test
+  public void isSerializableReturnsTrueForSerializableClass() throws Exception {
+    assertThat(new GemFireSecurityException("").isSerializable(this.serializableResolvedObj)).isTrue();
+  }
+
+  @Test
+  public void isSerializableReturnsFalseForNonSerializableClass() throws Exception {
+    assertThat(new GemFireSecurityException("").isSerializable(this.nonSerializableResolvedObj)).isFalse();
+  }
+
+  public Object clone(final Serializable object) {
+    return SerializationUtils.clone(object);
+  }
+
+  public static class SerializableObject implements Serializable {
+
+    private String name;
+
+    SerializableObject(String name) {
+      this.name = name;
+    }
+
+    @Override
+    public boolean equals(Object o) {
+      if (this == o) return true;
+      if (o == null || getClass() != o.getClass()) return false;
+
+      SerializableObject that = (SerializableObject) o;
+
+      return name != null ? name.equals(that.name) : that.name == null;
+
+    }
+
+    @Override
+    public int hashCode() {
+      return name != null ? name.hashCode() : 0;
+    }
+  }
+}
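Review bot: The `isSerializable` test cannot fail, because `assertThat(GemFireSecurityException.class).isInstanceOf(Serializable.class)` inspects the `Class` object and `java.lang.Class` itself implements `Serializable`. The assertion would hold for any class, including one that is not serializable. To check what the test name promises, assert the type relationship instead: `assertThat(Serializable.class).isAssignableFrom(GemFireSecurityException.class);`. The round-trip tests that follow still exercise real serialization, so only this one test is affected.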

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientAuthDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientAuthDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientAuthDUnitTest.java
new file mode 100644
index 0000000..73bfcb4
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientAuthDUnitTest.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.googlecode.catchexception.CatchException.*;
+import static org.assertj.core.api.Assertions.*;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.test.dunit.IgnoredException;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientAuthDUnitTest extends AbstractSecureServerDUnitTest {
+
+  @Test
+  public void authWithCorrectPasswordShouldPass() {
+    client1.invoke("logging in super-user with correct password", () -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("super-user", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                 .addPoolServer("localhost", serverPort)
+                                                                                                 .create();
+
+      ClientRegionFactory<String, String> crf = cache.createClientRegionFactory(ClientRegionShortcut.PROXY);
+
+      crf.create(REGION_NAME);
+    });
+  }
+
+  @Test
+  public void authWithIncorrectPasswordShouldFail() {
+    IgnoredException.addIgnoredException(AuthenticationFailedException.class.getName());
+
+    client2.invoke("logging in super-user with wrong password", () -> {
+      AuthenticationFailedException expected = new AuthenticationFailedException("Authentication error. Please check your credentials.");
+
+      catchException(new ClientCacheFactory(createClientProperties("super-user", "wrong")).setPoolSubscriptionEnabled(true)
+                                                                                          .addPoolServer("localhost", serverPort))
+        .create();
+      assertThat((Throwable) caughtException()).hasCause(expected);
+    });
+  }
+}
+
+
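Review bot: `authWithCorrectPasswordShouldPass` contains no assertion and performs no server operation after `crf.create(REGION_NAME)`, so it passes whenever nothing throws. Whether building a `PROXY` region forces an authenticated round trip is not visible in this hunk. Making the success observable would help, for example `assertThat(crf.create(REGION_NAME).containsKeyOnServer("key1")).isTrue();`, assuming the base-class fixture holds `key1` as the sibling tests suggest and that `super-user` may read it. The negative test only covers a wrong password for an existing user. A case for an unknown user name that expects the same generic message would also pin that the error text does not reveal which accounts exist. The two blank lines after the closing brace can be dropped.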

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientContainsKeyAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientContainsKeyAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientContainsKeyAuthDistributedTest.java
new file mode 100644
index 0000000..336cf87
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientContainsKeyAuthDistributedTest.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static org.junit.Assert.*;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.test.dunit.AsyncInvocation;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientContainsKeyAuthDistributedTest extends AbstractSecureServerDUnitTest {
+
+  @Test
+  public void testContainsKey() throws InterruptedException {
+    AsyncInvocation ai1 = client1.invokeAsync(() -> {
+      ClientCache cache = createClientCache("key1User", "1234567", serverPort);
+      final Region region = cache.getRegion(REGION_NAME);
+      assertTrue(region.containsKeyOnServer("key1"));
+      assertNotAuthorized(() -> region.containsKeyOnServer("key3"), "DATA:READ:AuthRegion:key3");
+    });
+
+    AsyncInvocation ai2 = client2.invokeAsync(() -> {
+      ClientCache cache = createClientCache("authRegionReader", "1234567", serverPort);
+      final Region region = cache.getRegion(REGION_NAME);
+      region.containsKeyOnServer("key3");
+      assertTrue(region.containsKeyOnServer("key1"));
+    });
+
+    ai1.join();
+    ai2.join();
+    ai1.checkException();
+    ai2.checkException();
+  }
+
+}
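Review bot: In the `authRegionReader` lambda the result of `region.containsKeyOnServer("key3");` is discarded, so the line only shows that the call does not throw and leaves the intent unstated. If the point is that a region-wide reader may query a key that `key1User` is denied, say so in a comment and assert the value: `assertTrue(region.containsKeyOnServer("key3"));`. This assumes the fixture contains `key3`, as the destroy/invalidate test in this commit does. The `ai1.join()` and `ai2.join()` calls have no timeout, so a hung client VM would stall the run rather than fail the test.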

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientDestroyInvalidateAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientDestroyInvalidateAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientDestroyInvalidateAuthDistributedTest.java
new file mode 100644
index 0000000..e811d86
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientDestroyInvalidateAuthDistributedTest.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static org.junit.Assert.*;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.test.dunit.AsyncInvocation;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientDestroyInvalidateAuthDistributedTest extends AbstractSecureServerDUnitTest {
+
+  @Test
+  public void testDestroyInvalidate() throws InterruptedException {
+
+    // Delete one key and invalidate another key with an authorized user.
+    AsyncInvocation ai1 = client1.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("dataUser", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                               .addPoolServer("localhost", serverPort)
+                                                                                               .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      assertTrue(region.containsKeyOnServer("key1"));
+
+      // Destroy key1
+      region.destroy("key1");
+      assertFalse(region.containsKeyOnServer("key1"));
+
+      // Invalidate key2
+      assertNotNull("Value of key2 should not be null", region.get("key2"));
+      region.invalidate("key2");
+      assertNull("Value of key2 should have been null", region.get("key2"));
+
+    });
+
+    // Delete one key and invalidate another key with an unauthorized user.
+    AsyncInvocation ai2 = client2.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionReader", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                       .addPoolServer("localhost", serverPort)
+                                                                                                       .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+
+      assertTrue(region.containsKeyOnServer("key3"));
+
+      // Destroy key1
+      assertNotAuthorized(() -> region.destroy("key3"), "DATA:WRITE:AuthRegion");
+      assertTrue(region.containsKeyOnServer("key3"));
+
+      // Invalidate key2
+      assertNotNull("Value of key4 should not be null", region.get("key4"));
+      assertNotAuthorized(() -> region.invalidate("key4"), "DATA:WRITE:AuthRegion");
+      assertNotNull("Value of key4 should not be null", region.get("key4"));
+    });
+
+    ai1.join();
+    ai2.join();
+    ai1.checkException();
+    ai2.checkException();
+  }
+
+}
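Review bot: The two comments in the unauthorized-user lambda are stale copies from the authorized block: `// Destroy key1` sits above `region.destroy("key3")` and `// Invalidate key2` sits above `region.invalidate("key4")`. In an authorization test the comments should state the expected denial, for example `// Destroy of key3 must be rejected and leave the entry in place` and `// Invalidate of key4 must be rejected and leave the value intact`. The block comment above the lambda would also read better as "Attempt to destroy one key and invalidate another with a user that lacks DATA:WRITE".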

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientDestroyRegionAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientDestroyRegionAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientDestroyRegionAuthDistributedTest.java
new file mode 100644
index 0000000..adb7c0b
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientDestroyRegionAuthDistributedTest.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static org.assertj.core.api.Assertions.*;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientDestroyRegionAuthDistributedTest extends AbstractSecureServerDUnitTest {
+
+  @Test
+  public void testDestroyRegion() throws InterruptedException {
+    client1.invoke(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("dataWriter", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                 .addPoolServer("localhost", serverPort)
+                                                                                                 .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      assertNotAuthorized(() -> region.destroyRegion(), "DATA:MANAGE");
+    });
+
+    client2.invoke(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionManager", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                        .addPoolServer("localhost", serverPort)
+                                                                                                        .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      assertNotAuthorized(() -> region.destroyRegion(), "DATA:MANAGE");
+    });
+
+    client3.invoke(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("super-user", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                 .addPoolServer("localhost", serverPort)
+                                                                                                 .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+      region.destroyRegion();
+      assertThat(region.isDestroyed()).isTrue();
+    });
+  }
+
+}
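Review bot: The new file lives under `org/apache/geode/security/` but still declares `package com.gemstone.gemfire.security;` and imports only `com.gemstone.gemfire.*` types, so the directory and the package disagree. The same applies to every other test file added in this part of the commit (ExecuteFunction, ExecuteRegionFunction, GetAll, GetClientPRMetaData, GetClientPartitionAttrCmd, GetEntry, GetPut). If the package rename is deliberately deferred to a later commit, the commit message should say so; otherwise the declaration should become `package org.apache.geode.security;` with the imports updated to match. Separately, a one-line comment on the `client2` block explaining why `authRegionManager` is still expected to be denied `DATA:MANAGE` would help readers, since the reason is not visible in this file.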

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientExecuteFunctionAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientExecuteFunctionAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientExecuteFunctionAuthDistributedTest.java
new file mode 100644
index 0000000..bf4b027
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientExecuteFunctionAuthDistributedTest.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.execute.Function;
+import com.gemstone.gemfire.cache.execute.FunctionService;
+import com.gemstone.gemfire.cache.execute.ResultCollector;
+import com.gemstone.gemfire.internal.cache.functions.TestFunction;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientExecuteFunctionAuthDistributedTest extends AbstractSecureServerDUnitTest {
+
+  private final static Function function = new TestFunction(true, TestFunction.TEST_FUNCTION1);
+
+  @Test
+  public void testExecuteRegionFunction() {
+
+    FunctionService.registerFunction(function);
+
+    client1.invoke("logging in with dataReader", () -> {
+      ClientCache cache = createClientCache("dataReader", "1234567", serverPort);
+
+      FunctionService.registerFunction(function);
+      assertNotAuthorized(() -> FunctionService.onServer(cache.getDefaultPool())
+                                               .withArgs(Boolean.TRUE)
+                                               .execute(function.getId()), "DATA:WRITE");
+    });
+
+    client2.invoke("logging in with super-user", () -> {
+      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
+
+      FunctionService.registerFunction(function);
+      ResultCollector rc = FunctionService.onServer(cache.getDefaultPool())
+                                          .withArgs(Boolean.TRUE)
+                                          .execute(function.getId());
+      rc.getResult();
+    });
+  }
+}
+
+
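Review bot: The test method is named `testExecuteRegionFunction`, but it exercises `FunctionService.onServer(cache.getDefaultPool())`, so the name duplicates the one in IntegratedClientExecuteRegionFunctionAuthDistributedTest and misdescribes what is covered; `public void testExecuteFunction()` would match the class. In both files the super-user branch calls `rc.getResult()` and discards the value, so the positive case only proves that nothing was thrown. Asserting on the returned result would confirm the function actually ran for the authorized user, though the expected value depends on `TestFunction`, which is not visible here. A short comment on why a function call is checked against `"DATA:WRITE"` for `dataReader` would also document the permission model under test.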

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientExecuteRegionFunctionAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientExecuteRegionFunctionAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientExecuteRegionFunctionAuthDistributedTest.java
new file mode 100644
index 0000000..08425a0
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientExecuteRegionFunctionAuthDistributedTest.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.execute.Function;
+import com.gemstone.gemfire.cache.execute.FunctionService;
+import com.gemstone.gemfire.cache.execute.ResultCollector;
+import com.gemstone.gemfire.internal.cache.functions.TestFunction;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientExecuteRegionFunctionAuthDistributedTest
+  extends AbstractSecureServerDUnitTest {
+
+  private final static Function function = new TestFunction(true, TestFunction.TEST_FUNCTION1);
+
+  @Test
+  public void testExecuteRegionFunction() {
+
+    FunctionService.registerFunction(function);
+
+    client1.invoke("logging in with dataReader", () -> {
+      ClientCache cache = createClientCache("dataReader", "1234567", serverPort);
+
+      FunctionService.registerFunction(function);
+      assertNotAuthorized(() -> FunctionService.onRegion(cache.getRegion(REGION_NAME))
+                                               .withArgs(Boolean.TRUE)
+                                               .execute(function.getId()), "DATA:WRITE");
+    });
+
+    client2.invoke("logging in with super-user", () -> {
+      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
+
+      FunctionService.registerFunction(function);
+      ResultCollector rc = FunctionService.onRegion(cache.getRegion(REGION_NAME))
+                                          .withArgs(Boolean.TRUE)
+                                          .execute(function.getId());
+      rc.getResult();
+    });
+  }
+}
+
+

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetAllAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetAllAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetAllAuthDistributedTest.java
new file mode 100644
index 0000000..1931633
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetAllAuthDistributedTest.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.internal.Assert.assertTrue;
+import static org.jgroups.util.Util.*;
+
+import java.util.Arrays;
+import java.util.Map;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientGetAllAuthDistributedTest extends AbstractSecureServerDUnitTest {
+
+  @Test
+  public void testGetAll() {
+    client1.invoke("logging in Stranger", () -> {
+      ClientCache cache = createClientCache("stranger", "1234567", serverPort);
+
+      Region region = cache.getRegion(REGION_NAME);
+      Map emptyMap = region.getAll(Arrays.asList("key1", "key2", "key3", "key4"));
+      assertTrue(emptyMap.isEmpty());
+    });
+
+    client2.invoke("logging in authRegionReader", () -> {
+      ClientCache cache = createClientCache("authRegionReader", "1234567", serverPort);
+
+      Region region = cache.getRegion(REGION_NAME);
+      Map filledMap = region.getAll(Arrays.asList("key1", "key2", "key3", "key4"));
+      assertEquals("Map should contain 4 entries", 4, filledMap.size());
+      assertTrue(filledMap.containsKey("key1"));
+    });
+  }
+}
+
+
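Review bot: The assertions in `testGetAll` come from `com.gemstone.gemfire.internal.Assert.assertTrue` and `org.jgroups.util.Util.*` rather than from the test framework, which looks like an IDE auto-import accident. Those helpers are product or third-party utilities and may not fail with the `AssertionError` that JUnit reports cleanly; replacing both static imports with `import static org.junit.Assert.*;` keeps the calls unchanged. It would also help to add a comment on the `stranger` case stating that an unauthorized `getAll` is expected to return an empty map rather than throw, because that is the security behaviour this test pins and it differs from the `assertNotAuthorized` pattern used in the sibling tests.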

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetClientPRMetaDataAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetClientPRMetaDataAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetClientPRMetaDataAuthDistributedTest.java
new file mode 100644
index 0000000..2f2a013
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetClientPRMetaDataAuthDistributedTest.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.cache.client.internal.ClientMetadataService;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.internal.cache.LocalRegion;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientGetClientPRMetaDataAuthDistributedTest
+  extends AbstractSecureServerDUnitTest {
+
+  @Test
+  @Ignore("This is not a supported client message")
+  // this would fail sporadically because ServerConnection.isInternalMessage would return true for this message,
+  // and it won't bind the correct subject on the executing thread.
+  public void testGetClientPartitionAttrCmd() {
+    client1.invoke("logging in stranger", () -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                               .addPoolServer("localhost", serverPort)
+                                                                                               .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+
+      ClientMetadataService service = ((GemFireCacheImpl) cache).getClientMetadataService();
+      assertNotAuthorized(() -> service.getClientPRMetadata((LocalRegion) cache.getRegion(region.getName())), "CLUSTER:READ");
+    });
+
+    client2.invoke("logging in super-user", () -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("super-user", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                 .addPoolServer("localhost", serverPort)
+                                                                                                 .create();
+
+      Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+
+      ClientMetadataService service = ((GemFireCacheImpl) cache).getClientMetadataService();
+      service.getClientPRMetadata((LocalRegion) cache.getRegion(region.getName()));
+    });
+  }
+}
+
+
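Review bot: The method in this class is named `testGetClientPartitionAttrCmd`, which belongs to the sibling GetClientPartitionAttrCmd test; here the call under test is `service.getClientPRMetadata(...)`, so `testGetClientPRMetaData` would be the accurate name. The `@Ignore` reason ("This is not a supported client message") and the comment below it (sporadic failure because the subject is not bound for internal messages) give two different explanations for disabling the test, in this file and in IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest. Since the comment describes an authorization check that may run without the correct subject on the thread, it is worth stating in the `@Ignore` text which explanation is authoritative and referencing a tracking issue (`<ISSUE-ID placeholder>`), so the disabled coverage is not forgotten.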

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest.java
new file mode 100644
index 0000000..b18ca98
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.internal.GetClientPartitionAttributesOp;
+import com.gemstone.gemfire.cache.client.internal.PoolImpl;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientGetClientPartitionAttrCmdAuthDistributedTest
+  extends AbstractSecureServerDUnitTest {
+
+  @Test
+  @Ignore("This is not a supported client message")
+  // this would fail sporatically because ServerConnection.isInternalMessage would return true for this message,
+  // and it won't bind the correct subject on the executing thread.
+  public void testGetClientPartitionAttrCmd() {
+    client1.invoke("logging in stranger", () -> {
+      ClientCache cache = createClientCache("stranger", "1234567", serverPort);
+
+      assertNotAuthorized(() -> GetClientPartitionAttributesOp.execute((PoolImpl) cache.getDefaultPool(), REGION_NAME), "CLUSTER:READ");
+    });
+
+    client2.invoke("logging in super-user with correct password", () -> {
+      ClientCache cache = createClientCache("super-user", "1234567", serverPort);
+
+      GetClientPartitionAttributesOp.execute((PoolImpl) cache.getDefaultPool(), REGION_NAME);
+    });
+  }
+}
+
+
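Review bot: The comment above `testGetClientPartitionAttrCmd` misspells "sporadically" as "sporatically"; the copy of the same comment in IntegratedClientGetClientPRMetaDataAuthDistributedTest has it right. The comment also sits between the annotations and the method signature, where it is easy to lose; moving it above `@Test` as a Javadoc or block comment would keep the rationale attached to the method.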

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetEntryAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetEntryAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetEntryAuthDistributedTest.java
new file mode 100644
index 0000000..656659e
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetEntryAuthDistributedTest.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.CacheTransactionManager;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.cache.client.ClientCacheFactory;
+import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
+import com.gemstone.gemfire.test.dunit.AsyncInvocation;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class })
+public class IntegratedClientGetEntryAuthDistributedTest extends AbstractSecureServerDUnitTest {
+
+  @Test
+  public void testGetEntry() throws InterruptedException {
+    // client1 connects to server as a user not authorized to do any operations
+
+    AsyncInvocation ai1 = client1.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("stranger", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                               .addPoolServer("localhost", serverPort)
+                                                                                               .create();
+
+      CacheTransactionManager transactionManager = cache.getCacheTransactionManager();
+      transactionManager.begin();
+      try {
+        Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+        assertNotAuthorized(() -> region.getEntry("key3"), "DATA:READ:AuthRegion:key3");
+      } finally {
+        transactionManager.commit();
+      }
+
+    });
+
+    AsyncInvocation ai2 = client2.invokeAsync(() -> {
+      ClientCache cache = new ClientCacheFactory(createClientProperties("authRegionReader", "1234567")).setPoolSubscriptionEnabled(true)
+                                                                                                       .addPoolServer("localhost", serverPort)
+                                                                                                       .create();
+
+      CacheTransactionManager transactionManager = cache.getCacheTransactionManager();
+      transactionManager.begin();
+      try {
+        Region region = cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
+        region.getEntry("key3");
+      } finally {
+        transactionManager.commit();
+      }
+
+    });
+
+    ai1.join();
+    ai2.join();
+    ai1.checkException();
+    ai2.checkException();
+
+  }
+}
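Review bot: Both lambdas in `testGetEntry` call `transactionManager.commit()` in the `finally` block, so if the assertion or `getEntry` inside the `try` fails, a subsequent exception from `commit()` would replace it and hide the real authorization failure. The transaction performs only a read here, so `transactionManager.rollback();` in the `finally` block should be sufficient and safer. The `authRegionReader` branch also discards the result of `region.getEntry("key3")`; asserting it is non-null would confirm the authorized read returned data, assuming the base class seeds `key3`, which is not visible in this hunk.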

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetPutAuthDistributedTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetPutAuthDistributedTest.java b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetPutAuthDistributedTest.java
new file mode 100644
index 0000000..6d4374d
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/IntegratedClientGetPutAuthDistributedTest.java
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static org.junit.Assert.*;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ClientCache;
+import com.gemstone.gemfire.test.dunit.AsyncInvocation;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.categories.FlakyTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ DistributedTest.class, SecurityTest.class, FlakyTest.class })
+public class IntegratedClientGetPutAuthDistributedTest extends AbstractSecureServerDUnitTest {
+
+  @Test
+  public void testGetPutAuthorization() throws InterruptedException {
+    Map<String, String> allValues = new HashMap<String, String>();
+    allValues.put("key1", "value1");
+    allValues.put("key2", "value2");
+
+    List<String> keys = new ArrayList<>();
+    keys.add("key1");
+    keys.add("key2");
+
+    // client1 connects to server as a user not authorized to do any operations
+    AsyncInvocation ai1 =  client1.invokeAsync(()->{
+      ClientCache cache = createClientCache("stranger", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+
+      assertNotAuthorized(() -> region.put("key3", "value3"), "DATA:WRITE:AuthRegion:key3");
+      assertNotAuthorized(() -> region.get("key3"), "DATA:READ:AuthRegion:key3");
+
+      //putall
+      assertNotAuthorized(() -> region.putAll(allValues), "DATA:WRITE:AuthRegion");
+
+      // not authorized for either keys, get no record back
+      Map keyValues = region.getAll(keys);
+      assertEquals(0, keyValues.size());
+
+      assertNotAuthorized(() -> region.keySetOnServer(), "DATA:READ:AuthRegion");
+    });
+
+
+    // client2 connects to user as a user authorized to use AuthRegion region
+    AsyncInvocation ai2 =  client2.invokeAsync(()->{
+      ClientCache cache = createClientCache("authRegionUser", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+
+      region.put("key3", "value3");
+      assertEquals("value3", region.get("key3"));
+
+      // put all
+      region.putAll(allValues);
+
+      // get all
+      Map keyValues = region.getAll(keys);
+      assertEquals(2, keyValues.size());
+
+      // keyset
+      Set keySet = region.keySetOnServer();
+      assertEquals(5, keySet.size());
+    });
+
+    // client3 connects to user as a user authorized to use key1 in AuthRegion region
+    AsyncInvocation ai3 =  client3.invokeAsync(()->{
+      ClientCache cache = createClientCache("key1User", "1234567", serverPort);
+      Region region = cache.getRegion(REGION_NAME);
+
+      assertNotAuthorized(() -> region.put("key2", "value1"), "DATA:WRITE:AuthRegion:key2");
+      assertNotAuthorized(() -> region.get("key2"), "DATA:READ:AuthRegion:key2");
+
+      assertNotAuthorized(() -> region.putAll(allValues), "DATA:WRITE:AuthRegion");
+
+      // only authorized for one recrod
+      Map keyValues = region.getAll(keys);
+      assertEquals(1, keyValues.size());
+
+      // keyset
+      assertNotAuthorized(() -> region.keySetOnServer(), "DATA:READ:AuthRegion");
+    });
+
+    ai1.join();
+    ai2.join();
+    ai3.join();
+
+    ai1.checkException();
+    ai2.checkException();
+    ai3.checkException();
+  }
+
+}
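Review bot: `assertEquals(5, keySet.size())` in the `client2` block depends on how many entries the base class seeds into the region, which is not visible in this file, and the class is tagged `FlakyTest` without any note on why. A comment stating where the 5 comes from, plus a content-based check such as `assertTrue(keySet.containsAll(keys));`, would make the assertion self-explanatory and less sensitive to fixture changes. The three clients also run concurrently via `invokeAsync` while `client2` writes to the same region; if ordering is the source of the flakiness, switching to sequential `invoke` calls would remove it. Minor: the comments read "connects to user as a user" (should be "to server") and "recrod".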


[15/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
GEODE-37 Renamed security related stuff


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/9d7a6960
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/9d7a6960
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/9d7a6960

Branch: refs/heads/feature/GEODE-37_2
Commit: 9d7a6960afedd8991fd6be44e4ca10a0b43b59ce
Parents: 7c20e69
Author: Hitesh Khamesra <hk...@pivotal.io>
Authored: Tue Sep 13 15:56:14 2016 -0700
Committer: Hitesh Khamesra <hk...@pivotal.io>
Committed: Tue Sep 13 15:56:14 2016 -0700

----------------------------------------------------------------------
 .../gemfire/security/AccessControl.java         |  105 -
 .../gemfire/security/AuthInitialize.java        |   97 -
 .../security/AuthenticationFailedException.java |   53 -
 .../AuthenticationRequiredException.java        |   53 -
 .../gemfire/security/Authenticator.java         |   96 -
 .../security/GemFireSecurityException.java      |  132 --
 .../security/NotAuthorizedException.java        |  134 --
 .../com/gemstone/gemfire/security/package.html  |   39 -
 .../apache/geode/security/AccessControl.java    |  105 +
 .../apache/geode/security/AuthInitialize.java   |   97 +
 .../security/AuthenticationFailedException.java |   53 +
 .../AuthenticationRequiredException.java        |   53 +
 .../apache/geode/security/Authenticator.java    |   96 +
 .../security/GemFireSecurityException.java      |  132 ++
 .../geode/security/NotAuthorizedException.java  |  134 ++
 .../java/org/apache/geode/security/package.html |   39 +
 .../security/AbstractSecureServerDUnitTest.java |  162 --
 .../security/ClientAuthenticationDUnitTest.java |   90 -
 .../ClientAuthenticationPart2DUnitTest.java     |   76 -
 .../security/ClientAuthenticationTestCase.java  |  562 -----
 .../security/ClientAuthenticationTestUtils.java |   90 -
 .../security/ClientAuthorizationDUnitTest.java  |  647 ------
 .../security/ClientAuthorizationTestCase.java   | 1325 ------------
 .../security/ClientMultiUserAuthzDUnitTest.java |  345 ----
 .../DeltaClientAuthorizationDUnitTest.java      |  201 --
 .../DeltaClientPostAuthorizationDUnitTest.java  |  284 ---
 .../security/GemFireSecurityExceptionTest.java  |  169 --
 .../security/IntegratedClientAuthDUnitTest.java |   64 -
 ...tedClientContainsKeyAuthDistributedTest.java |   55 -
 ...entDestroyInvalidateAuthDistributedTest.java |   84 -
 ...dClientDestroyRegionAuthDistributedTest.java |   65 -
 ...lientExecuteFunctionAuthDistributedTest.java |   61 -
 ...xecuteRegionFunctionAuthDistributedTest.java |   62 -
 ...tegratedClientGetAllAuthDistributedTest.java |   57 -
 ...tGetClientPRMetaDataAuthDistributedTest.java |   66 -
 ...ientPartitionAttrCmdAuthDistributedTest.java |   52 -
 ...gratedClientGetEntryAuthDistributedTest.java |   76 -
 ...tegratedClientGetPutAuthDistributedTest.java |  116 --
 ...tedClientRegionClearAuthDistributedTest.java |   63 -
 ...ientRegisterInterestAuthDistributedTest.java |  164 --
 ...ratedClientRemoveAllAuthDistributedTest.java |   65 -
 ...IntegratedClientSizeAuthDistributedTest.java |   54 -
 ...ntUnregisterInterestAuthDistributedTest.java |   48 -
 ...edSecurityCacheLifecycleDistributedTest.java |  134 --
 ...edSecurityCacheLifecycleIntegrationTest.java |   74 -
 ...tegratedSecurityPeerAuthDistributedTest.java |  146 --
 .../security/NoShowValue1PostProcessor.java     |   36 -
 .../NoShowValue1PostProcessorDUnitTest.java     |   86 -
 .../security/NotAuthorizedExceptionTest.java    |  200 --
 .../security/P2PAuthenticationDUnitTest.java    |  541 -----
 .../PDXGfshPostProcessorOnRemoteServerTest.java |  159 --
 .../gemfire/security/PDXPostProcessor.java      |   60 -
 .../security/PDXPostProcessorDUnitTest.java     |  233 ---
 .../security/PostProcessorDUnitTest.java        |  126 --
 .../gemfire/security/SecurityTestUtils.java     | 1930 ------------------
 .../gemfire/security/SpySecurityManager.java    |   42 -
 .../generator/AuthzCredentialGenerator.java     |  447 ----
 .../security/generator/CredentialGenerator.java |  333 ---
 .../DummyAuthzCredentialGenerator.java          |  129 --
 .../generator/DummyCredentialGenerator.java     |   89 -
 .../generator/LdapUserCredentialGenerator.java  |  165 --
 .../generator/PKCSCredentialGenerator.java      |  115 --
 .../generator/SSLCredentialGenerator.java       |  123 --
 .../UserPasswordWithExtraPropsAuthInit.java     |   70 -
 .../generator/XmlAuthzCredentialGenerator.java  |  257 ---
 .../security/templates/DummyAuthenticator.java  |   75 -
 .../security/templates/DummyAuthorization.java  |  122 --
 .../templates/FunctionSecurityPrmsHolder.java   |   50 -
 .../templates/LdapUserAuthenticator.java        |  107 -
 .../security/templates/PKCSAuthInit.java        |  120 --
 .../security/templates/PKCSAuthenticator.java   |  158 --
 .../security/templates/PKCSPrincipal.java       |   40 -
 .../security/templates/PKCSPrincipalTest.java   |   50 -
 .../templates/UserPasswordAuthInit.java         |   75 -
 .../security/templates/UsernamePrincipal.java   |   44 -
 .../templates/UsernamePrincipalTest.java        |   50 -
 .../security/templates/XmlAuthorization.java    |  615 ------
 .../security/templates/XmlErrorHandler.java     |   75 -
 .../security/AbstractSecureServerDUnitTest.java |  162 ++
 .../security/ClientAuthenticationDUnitTest.java |   90 +
 .../ClientAuthenticationPart2DUnitTest.java     |   76 +
 .../security/ClientAuthenticationTestCase.java  |  562 +++++
 .../security/ClientAuthenticationTestUtils.java |   90 +
 .../security/ClientAuthorizationDUnitTest.java  |  647 ++++++
 .../security/ClientAuthorizationTestCase.java   | 1325 ++++++++++++
 .../security/ClientMultiUserAuthzDUnitTest.java |  345 ++++
 .../DeltaClientAuthorizationDUnitTest.java      |  201 ++
 .../DeltaClientPostAuthorizationDUnitTest.java  |  284 +++
 .../security/GemFireSecurityExceptionTest.java  |  169 ++
 .../security/IntegratedClientAuthDUnitTest.java |   64 +
 ...tedClientContainsKeyAuthDistributedTest.java |   55 +
 ...entDestroyInvalidateAuthDistributedTest.java |   84 +
 ...dClientDestroyRegionAuthDistributedTest.java |   65 +
 ...lientExecuteFunctionAuthDistributedTest.java |   61 +
 ...xecuteRegionFunctionAuthDistributedTest.java |   62 +
 ...tegratedClientGetAllAuthDistributedTest.java |   57 +
 ...tGetClientPRMetaDataAuthDistributedTest.java |   66 +
 ...ientPartitionAttrCmdAuthDistributedTest.java |   52 +
 ...gratedClientGetEntryAuthDistributedTest.java |   76 +
 ...tegratedClientGetPutAuthDistributedTest.java |  116 ++
 ...tedClientRegionClearAuthDistributedTest.java |   63 +
 ...ientRegisterInterestAuthDistributedTest.java |  164 ++
 ...ratedClientRemoveAllAuthDistributedTest.java |   65 +
 ...IntegratedClientSizeAuthDistributedTest.java |   54 +
 ...ntUnregisterInterestAuthDistributedTest.java |   48 +
 ...edSecurityCacheLifecycleDistributedTest.java |  134 ++
 ...edSecurityCacheLifecycleIntegrationTest.java |   74 +
 ...tegratedSecurityPeerAuthDistributedTest.java |  146 ++
 .../security/NoShowValue1PostProcessor.java     |   36 +
 .../NoShowValue1PostProcessorDUnitTest.java     |   86 +
 .../security/NotAuthorizedExceptionTest.java    |  200 ++
 .../security/P2PAuthenticationDUnitTest.java    |  541 +++++
 .../PDXGfshPostProcessorOnRemoteServerTest.java |  159 ++
 .../apache/geode/security/PDXPostProcessor.java |   60 +
 .../security/PDXPostProcessorDUnitTest.java     |  233 +++
 .../geode/security/PostProcessorDUnitTest.java  |  126 ++
 .../geode/security/SecurityTestUtils.java       | 1930 ++++++++++++++++++
 .../geode/security/SpySecurityManager.java      |   42 +
 .../generator/AuthzCredentialGenerator.java     |  447 ++++
 .../security/generator/CredentialGenerator.java |  333 +++
 .../DummyAuthzCredentialGenerator.java          |  129 ++
 .../generator/DummyCredentialGenerator.java     |   89 +
 .../generator/LdapUserCredentialGenerator.java  |  165 ++
 .../generator/PKCSCredentialGenerator.java      |  115 ++
 .../generator/SSLCredentialGenerator.java       |  123 ++
 .../UserPasswordWithExtraPropsAuthInit.java     |   70 +
 .../generator/XmlAuthzCredentialGenerator.java  |  257 +++
 .../security/templates/DummyAuthenticator.java  |   75 +
 .../security/templates/DummyAuthorization.java  |  122 ++
 .../templates/FunctionSecurityPrmsHolder.java   |   50 +
 .../templates/LdapUserAuthenticator.java        |  107 +
 .../geode/security/templates/PKCSAuthInit.java  |  120 ++
 .../security/templates/PKCSAuthenticator.java   |  158 ++
 .../geode/security/templates/PKCSPrincipal.java |   40 +
 .../security/templates/PKCSPrincipalTest.java   |   50 +
 .../templates/UserPasswordAuthInit.java         |   75 +
 .../security/templates/UsernamePrincipal.java   |   44 +
 .../templates/UsernamePrincipalTest.java        |   50 +
 .../security/templates/XmlAuthorization.java    |  615 ++++++
 .../security/templates/XmlErrorHandler.java     |   75 +
 .../gemfire/security/generator/authz-dummy.xml  |  124 --
 .../gemfire/security/generator/authz-ldap.xml   |   83 -
 .../generator/authz-multiUser-dummy.xml         |  104 -
 .../security/generator/authz-multiUser-ldap.xml |   81 -
 .../security/generator/keys/gemfire1.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire10.keystore  |  Bin 1546 -> 0 bytes
 .../security/generator/keys/gemfire11.keystore  |  Bin 1546 -> 0 bytes
 .../security/generator/keys/gemfire2.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire3.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire4.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire5.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire6.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire7.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire8.keystore   |  Bin 1536 -> 0 bytes
 .../security/generator/keys/gemfire9.keystore   |  Bin 1536 -> 0 bytes
 .../generator/keys/ibm/gemfire1.keystore        |  Bin 1426 -> 0 bytes
 .../generator/keys/ibm/gemfire10.keystore       |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire11.keystore       |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire2.keystore        |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire3.keystore        |  Bin 1426 -> 0 bytes
 .../generator/keys/ibm/gemfire4.keystore        |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire5.keystore        |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire6.keystore        |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire7.keystore        |  Bin 1426 -> 0 bytes
 .../generator/keys/ibm/gemfire8.keystore        |  Bin 1434 -> 0 bytes
 .../generator/keys/ibm/gemfire9.keystore        |  Bin 1426 -> 0 bytes
 .../security/generator/keys/ibm/publickeyfile   |  Bin 4535 -> 0 bytes
 .../security/generator/keys/publickeyfile       |  Bin 4535 -> 0 bytes
 .../com/gemstone/gemfire/security/peerAuth.json |   36 -
 .../gemfire/security/templates/authz5_5.dtd     |  105 -
 .../gemfire/security/templates/authz6_0.dtd     |  110 -
 .../geode/security/generator/authz-dummy.xml    |  124 ++
 .../geode/security/generator/authz-ldap.xml     |   83 +
 .../generator/authz-multiUser-dummy.xml         |  104 +
 .../security/generator/authz-multiUser-ldap.xml |   81 +
 .../security/generator/keys/gemfire1.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire10.keystore  |  Bin 0 -> 1546 bytes
 .../security/generator/keys/gemfire11.keystore  |  Bin 0 -> 1546 bytes
 .../security/generator/keys/gemfire2.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire3.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire4.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire5.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire6.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire7.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire8.keystore   |  Bin 0 -> 1536 bytes
 .../security/generator/keys/gemfire9.keystore   |  Bin 0 -> 1536 bytes
 .../generator/keys/ibm/gemfire1.keystore        |  Bin 0 -> 1426 bytes
 .../generator/keys/ibm/gemfire10.keystore       |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire11.keystore       |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire2.keystore        |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire3.keystore        |  Bin 0 -> 1426 bytes
 .../generator/keys/ibm/gemfire4.keystore        |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire5.keystore        |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire6.keystore        |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire7.keystore        |  Bin 0 -> 1426 bytes
 .../generator/keys/ibm/gemfire8.keystore        |  Bin 0 -> 1434 bytes
 .../generator/keys/ibm/gemfire9.keystore        |  Bin 0 -> 1426 bytes
 .../security/generator/keys/ibm/publickeyfile   |  Bin 0 -> 4535 bytes
 .../geode/security/generator/keys/publickeyfile |  Bin 0 -> 4535 bytes
 .../org/apache/geode/security/peerAuth.json     |   36 +
 .../geode/security/templates/authz5_5.dtd       |  105 +
 .../geode/security/templates/authz6_0.dtd       |  110 +
 202 files changed, 13531 insertions(+), 13531 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
deleted file mode 100644
index 3d22864..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.security.Principal;
-
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.distributed.DistributedMember;
-
-/**
- * Specifies the interface to authorize operations at the cache or region level
- * for clients or servers. Implementations should register name of the static
- * creation function as the <code>security-client-accessor</code> system
- * property with all the servers uniformly in the distributed system for client
- * authorization. When the <code>security-client-accessor-pp</code> property
- * is set then the callback mentioned is invoked after the operation completes
- * successfully and when sending notifications.
- * 
- * When the registration has been done for a client/peer then an object of this
- * class is created for each connection from the client/peer and the
- * <code>authorizeOperation</code> method invoked before/after each operation.
- * 
- * @since GemFire 5.5
- *
- * @deprecated since Geode 1.0, use {@link SecurityManager} instead
- */
-public interface AccessControl extends CacheCallback {
-
-  /**
-   * Initialize the callback for a client/peer having the given principal.
-   * 
-   * This is invoked when a new connection from a client/peer is created with
-   * the host. The callback is expected to store authentication information of
-   * the given principal for the different regions for maximum efficiency when
-   * invoking <code>authorizeOperation</code> in each operation.
-   * 
-   * @param principal
-   *                the principal associated with the authenticated client or
-   *                peer; a null principal implies an unauthenticated client
-   *                which should be handled properly by implementations
-   * @param remoteMember
-   *                the {@link DistributedMember} object for the remote
-   *                authenticated client or peer
-   * @param cache
-   *                reference to the cache object
-   * 
-   * @throws NotAuthorizedException
-   *                 if some exception condition happens during the
-   *                 initialization; in such a case all subsequent client
-   *                 operations on that connection will throw
-   *                 <code>NotAuthorizedException</code>
-   */
-  void init(Principal principal, DistributedMember remoteMember,
-      Cache cache) throws NotAuthorizedException;
-
-  default void init(Principal principal, DistributedMember remoteMember) throws NotAuthorizedException {
-    init(principal, remoteMember, null);
-  }
-
-  default void init(Principal principal) throws NotAuthorizedException {
-    init(principal, null, null);
-  }
-
-  /**
-   * Check if the given operation is allowed for the cache/region.
-   * 
-   * This method is invoked in each cache and region level operation. It is,
-   * therefore, expected that as far as possible relevant information has been
-   * cached in the <code>init</code> call made when the connection was
-   * established so that this call is as quick as possible.
-   * 
-   * @param regionName
-   *                When null then it indicates a cache-level operation (i.e.
-   *                one of {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#REGION_DESTROY} or
-   *                {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#QUERY}, else the name of the region
-   *                for the operation.
-   * @param context
-   *                When invoked before the operation then the data required by
-   *                the operation. When invoked as a post-process filter then it
-   *                contains the result of the operation. The data in the
-   *                context can be possibly modified by the method.
-   * 
-   * @return true if the operation is authorized and false otherwise
-   * 
-   */
-  boolean authorizeOperation(String regionName, OperationContext context);
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
deleted file mode 100644
index e92772b..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.util.Properties;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
-
-// TODO Add example usage of this interface and configuration details
-/**
- * Specifies the mechanism to obtain credentials for a client or peer. It is
- * mandatory for clients and peers when running in secure mode and an
- * {@link Authenticator} has been configured on the server/locator side
- * respectively. Implementations should register name of the static creation
- * function (that returns an object of the class) as the
- * <i>security-peer-auth-init</i> system property on peers and as the
- * <i>security-client-auth-init</i> system property on clients.
- * 
- * @since GemFire 5.5
- */
-public interface AuthInitialize extends CacheCallback {
-
-  /**
-   * Initialize the callback for a client/peer. This is invoked when a new
-   * connection from a client/peer is created with the host.
-   * 
-   * @param systemLogger
-   *                {@link LogWriter} for system logs
-   * @param securityLogger
-   *                {@link LogWriter} for security logs
-   * 
-   * @throws AuthenticationFailedException
-   *                 if some exception occurs during the initialization
-   *
-   *  @deprecated since Geode 1.0, use init()
-   */
-  public void init(LogWriter systemLogger, LogWriter securityLogger)
-      throws AuthenticationFailedException;
-
-  /**
-   * @since Geode 1.0. implement this method instead of init with logwriters.
-   * Implementation should use log4j instead of these loggers.
-   */
-  default public void init(){
-    GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
-    init(cache.getLogger(), cache.getSecurityLogger());
-  }
-  /**
-   * Initialize with the given set of security properties and return the
-   * credentials for the peer/client as properties.
-   * 
-   * This method can modify the given set of properties. For example it may
-   * invoke external agents or even interact with the user.
-   * 
-   * Normally it is expected that implementations will filter out <i>security-*</i>
-   * properties that are needed for credentials and return only those.
-   * 
-   * @param securityProps
-   *                the security properties obtained using a call to
-   *                {@link DistributedSystem#getSecurityProperties} that will be
-   *                used for obtaining the credentials
-   * @param server
-   *                the {@link DistributedMember} object of the
-   *                server/group-coordinator to which connection is being
-   *                attempted
-   * @param isPeer
-   *                true when this is invoked for peer initialization and false
-   *                when invoked for client initialization
-   * 
-   * @throws AuthenticationFailedException
-   *                 in case of failure to obtain the credentials
-   * 
-   * @return the credentials to be used for the given <code>server</code>
-   */
-  public Properties getCredentials(Properties securityProps,
-      DistributedMember server, boolean isPeer)
-      throws AuthenticationFailedException;
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java
deleted file mode 100644
index 3ab728f..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-/**
- * Thrown if authentication of this client/peer fails.
- * 
- * @since GemFire 5.5
- */
-public class AuthenticationFailedException extends GemFireSecurityException {
-private static final long serialVersionUID = -8202866472279088879L;
-
-  // TODO Derive from SecurityException
-  /**
-   * Constructs instance of <code>AuthenticationFailedException</code> with
-   * error message.
-   * 
-   * @param message
-   *                the error message
-   */
-  public AuthenticationFailedException(String message) {
-    super(message);
-  }
-
-  /**
-   * Constructs instance of <code>AuthenticationFailedException</code> with
-   * error message and cause.
-   * 
-   * @param message
-   *                the error message
-   * @param cause
-   *                a <code>Throwable</code> that is a cause of this exception
-   */
-  public AuthenticationFailedException(String message, Throwable cause) {
-    super(message, cause);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java
deleted file mode 100644
index f67af39..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-/**
- * Thrown if the distributed system is in secure mode and this client/peer has
- * not set the security credentials.
- * 
- * @since GemFire 5.5
- */
-public class AuthenticationRequiredException extends GemFireSecurityException {
-private static final long serialVersionUID = 4675976651103154919L;
-
-  /**
-   * Constructs instance of <code>NotAuthenticatedException</code> with error
-   * message.
-   * 
-   * @param message
-   *                the error message
-   */
-  public AuthenticationRequiredException(String message) {
-    super(message);
-  }
-
-  /**
-   * Constructs instance of <code>NotAuthenticatedException</code> with error
-   * message and cause.
-   * 
-   * @param message
-   *                the error message
-   * @param cause
-   *                a <code>Throwable</code> that is a cause of this exception
-   */
-  public AuthenticationRequiredException(String message, Throwable cause) {
-    super(message, cause);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java
deleted file mode 100644
index f66f092..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.security.Principal;
-import java.util.Properties;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-
-/**
- * Specifies the mechanism to verify credentials for a client or peer.
- * Implementations should register name of the static creation function as the
- * <code>security-peer-authenticator</code> system property with all the
- * locators in the distributed system for peer authentication, and as
- * <code>security-client-authenticator</code> for client authentication. For
- * P2P an object is initialized on the group coordinator for each member during
- * the {@link DistributedSystem#connect(Properties)} call of a new member. For
- * client-server, an object of this class is created for each connection during
- * the client-server handshake.
- * 
- * The static creation function should have the following signature:
- * <code>public static Authenticator [method-name]();</code> i.e. it should be
- * a zero argument function.
- * 
- * @since GemFire 5.5
- *
- * @deprecated since Geode 1.0, use {@link SecurityManager} instead
- */
-public interface Authenticator extends CacheCallback {
-
-  /**
-   * Initialize the callback for a client/peer. This is invoked when a new
-   * connection from a client/peer is created with the host.
-   * 
-   * @param securityProps
-   *                the security properties obtained using a call to
-   *                {@link DistributedSystem#getSecurityProperties}
-   * @param systemLogger
-   *                {@link LogWriter} for system logs
-   * @param securityLogger
-   *                {@link LogWriter} for security logs
-   * 
-   * @throws AuthenticationFailedException
-   *                 if some exception occurs during the initialization
-   */
-  void init(Properties securityProps, LogWriter systemLogger,
-      LogWriter securityLogger) throws AuthenticationFailedException;
-
-  default void init(Properties securityProps)  throws AuthenticationFailedException{
-    init(securityProps, null, null);
-  }
-
-  /**
-   * Verify the credentials provided in the properties for the client/peer as
-   * specified in member ID and returns the principal associated with the
-   * client/peer.
-   * 
-   * @param props
-   *                the credentials of the client/peer as a set of property
-   *                key/values
-   * @param member
-   *                the {@link DistributedMember} object of the connecting
-   *                client/peer member. NULL when invoked locally on the 
-   *                member initiating the authentication request.
-   * 
-   * @return the principal for the client/peer when authentication succeeded
-   * 
-   * @throws AuthenticationFailedException
-   *                 If the authentication of the client/peer fails.
-   */
-  Principal authenticate(Properties props, DistributedMember member)
-      throws AuthenticationFailedException;
-
-  default Principal authenticate(Properties props) throws AuthenticationFailedException{
-    return authenticate(props, null);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java
deleted file mode 100644
index 049137d..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import java.io.IOException;
-import java.io.ObjectOutputStream;
-import java.io.Serializable;
-import javax.naming.NamingException;
-
-import com.gemstone.gemfire.GemFireException;
-
-/**
- * The base class for all com.gemstone.gemfire.security package related
- * exceptions.
- * 
- * @since GemFire 5.5
- */
-public class GemFireSecurityException extends GemFireException {
-
-  private static final long serialVersionUID = 3814254578203076926L;
-
-  private Throwable cause;
-
-  /**
-   * Constructs a new exception with the specified detail message.
-   *
-   * @param  message the detail message (which is saved for later retrieval
-   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
-   *         is permitted.)
-   */
-  public GemFireSecurityException(final String message) {
-    this(message, null);
-  }
-
-  /**
-   * Constructs a new exception with the specified cause.
-   *
-   * <p>Note that the detail message associated with {@code cause} <i>is</i>
-   * automatically used as this exception's detail message.
-   *
-   * @param  cause the cause (which is saved for later retrieval by the
-   *         {@link #getCause()} method).  (A <tt>null</tt> value is
-   *         permitted, and indicates that the cause is nonexistent or
-   *         unknown.)
-   */
-  public GemFireSecurityException(final Throwable cause) {
-    this(cause != null ? cause.getMessage() : null, cause);
-  }
-
-  /**
-   * Constructs a new exception with the specified detail message and cause.
-   *
-   * <p>If {@code message} is null, then the detail message associated with
-   * {@code cause} <i>is</i> automatically used as this exception's detail
-   * message.
-   *
-   * @param  message the detail message (which is saved for later retrieval
-   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
-   *         is permitted.)
-   * @param  cause the cause (which is saved for later retrieval by the
-   *         {@link #getCause()} method).  (A <tt>null</tt> value is
-   *         permitted, and indicates that the cause is nonexistent or
-   *         unknown.)
-   */
-  public GemFireSecurityException(final String message, final Throwable cause) {
-    super(message != null ? message : (cause != null ? cause.getMessage() : null));
-    this.cause = cause;
-  }
-
-  @Override
-  public final synchronized Throwable getCause() {
-    return (this.cause == this ? null : this.cause);
-  }
-
-  /**
-   * Returns true if the provided {@code object} implements {@code Serializable}.
-   *
-   * @param  object the {@code object} to test for implementing {@code Serializable}.
-   * @return true if the provided {@code object} implements {@code Serializable}.
-   */
-  protected final boolean isSerializable(final Object object) {
-    if (object == null) {
-      return true;
-    }
-    return Serializable.class.isInstance(object);
-  }
-
-  /**
-   * Returns {@link NamingException#getResolvedObj()} if the {@code cause}
-   * is a {@code NamingException}. Returns <tt>null</tt> for any other type
-   * of {@code cause}.
-   *
-   * @return {@code NamingException#getResolvedObj()} if the {@code cause}
-   *         is a {@code NamingException}.
-   */
-  protected final Object getResolvedObj() {
-    final Throwable thisCause = this.cause;
-    if (thisCause != null && NamingException.class.isInstance(thisCause)) {
-      return ((NamingException) thisCause).getResolvedObj();
-    }
-    return null;
-  }
-
-  private synchronized void writeObject(final ObjectOutputStream out) throws IOException {
-    final Object resolvedObj = getResolvedObj();
-    if (isSerializable(resolvedObj)) {
-      out.defaultWriteObject();
-    } else {
-      final NamingException namingException = (NamingException) getCause();
-      namingException.setResolvedObj(null);
-      try {
-        out.defaultWriteObject();
-      } finally {
-        namingException.setResolvedObj(resolvedObj);
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java
deleted file mode 100644
index 2e834f8..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import java.io.IOException;
-import java.io.ObjectOutputStream;
-import java.security.Principal;
-import javax.naming.NamingException;
-
-/**
- * Thrown when a client/peer is unauthorized to perform a requested operation.
- * 
- * @since GemFire 5.5
- */
-public class NotAuthorizedException extends GemFireSecurityException {
-
-  private static final long serialVersionUID = 419215768216387745L;
-
-  private Principal principal = null;
-
-  /**
-   * Constructs a new exception with the specified detail message and
-   * principal.
-   *
-   * @param  message the detail message (which is saved for later retrieval
-   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
-   *         is permitted.)
-   */
-  public NotAuthorizedException(final String message) {
-    this(message, null, null);
-  }
-
-  /**
-   * Constructs a new exception with the specified detail message and cause.
-   *
-   * <p>If {@code message} is null, then the detail message associated with
-   * {@code cause} <i>is</i> automatically used as this exception's detail
-   * message.
-   *
-   * @param  message the detail message (which is saved for later retrieval
-   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
-   *         is permitted.)
-   * @param  cause the cause (which is saved for later retrieval by the
-   *         {@link #getCause()} method).  (A <tt>null</tt> value is
-   *         permitted, and indicates that the cause is nonexistent or
-   *         unknown.)
-   */
-  public NotAuthorizedException(final String message, final Throwable cause) {
-    this(message, cause, null);
-  }
-
-  /**
-   * Constructs a new exception with the specified detail message and
-   * principal.
-   *
-   * @param  message the detail message (which is saved for later retrieval
-   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
-   *         is permitted.)
-   * @param  principal the principal for which authorization failed.
-   *         (A <tt>null</tt> value is permitted.)
-   */
-  public NotAuthorizedException(final String message, final Principal principal) {
-    this(message, null, principal);
-  }
-
-  /**
-   * Constructs a new exception with the specified detail message, cause and
-   * principal.
-   *
-   * <p>If {@code message} is null, then the detail message associated with
-   * {@code cause} <i>is</i> automatically used as this exception's detail
-   * message.
-   *
-   * @param  message the detail message (which is saved for later retrieval
-   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
-   *         is permitted.)
-   * @param  cause the cause (which is saved for later retrieval by the
-   *         {@link #getCause()} method).  (A <tt>null</tt> value is
-   *         permitted, and indicates that the cause is nonexistent or
-   *         unknown.)
-   * @param  principal the principal for which authorization failed.
-   *         (A <tt>null</tt> value is permitted.)
-   */
-  public NotAuthorizedException(final String message, final Throwable cause, final Principal principal) {
-    super(message, cause);
-    this.principal = principal;
-  }
-
-  /**
-   * Returns the {@code principal} for which authorization failed.
-   *
-   * @return the {@code principal} for which authorization failed.
-   */
-  public synchronized Principal getPrincipal() {
-    return this.principal;
-  }
-
-  private synchronized void writeObject(final ObjectOutputStream out) throws IOException {
-    final Principal thisPrincipal = this.principal;
-    if (!isSerializable(thisPrincipal)) {
-      this.principal = null;
-    }
-
-    final Object resolvedObj = getResolvedObj();
-    NamingException namingException = null;
-    if (!isSerializable(resolvedObj)) {
-      namingException = (NamingException) getCause();
-      namingException.setResolvedObj(null);
-    }
-
-    try {
-      out.defaultWriteObject();
-    } finally {
-      this.principal = thisPrincipal;
-      if (namingException != null) {
-        namingException.setResolvedObj(resolvedObj);
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/package.html
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/package.html b/geode-core/src/main/java/com/gemstone/gemfire/security/package.html
deleted file mode 100644
index 7772765..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/package.html
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements.  See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License.  You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<HTML>
-<BODY>
-
-<P>Provides an API for plugging in authentication and authorization
-for members of a distributed system and clients.
-
-<H3>GemFire security framework</H3>
-The security framework tackles two requirements: authentication of nodes
-and authorization for operations. The authentication piece deals with
-authentication of nodes in a peer-to-peer network as well as of the clients
-that connect to the servers.
-
-<P>
-<I>
-It is not our plan to provide a sophisticated security infrastructure
-built into GemFire. Most enterprise customers have their own authentication
-and entitlement management infrastructure and our plan is make sure the
-framework allows application administrators to delegate the responsibility
-to external providers.
-</I>
-
-</BODY>
-</HTML>

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AccessControl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AccessControl.java b/geode-core/src/main/java/org/apache/geode/security/AccessControl.java
new file mode 100644
index 0000000..3d22864
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AccessControl.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheCallback;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.distributed.DistributedMember;
+
+/**
+ * Specifies the interface to authorize operations at the cache or region level
+ * for clients or servers. Implementations should register name of the static
+ * creation function as the <code>security-client-accessor</code> system
+ * property with all the servers uniformly in the distributed system for client
+ * authorization. When the <code>security-client-accessor-pp</code> property
+ * is set then the callback mentioned is invoked after the operation completes
+ * successfully and when sending notifications.
+ * 
+ * When the registration has been done for a client/peer then an object of this
+ * class is created for each connection from the client/peer and the
+ * <code>authorizeOperation</code> method invoked before/after each operation.
+ * 
+ * @since GemFire 5.5
+ *
+ * @deprecated since Geode 1.0, use {@link SecurityManager} instead
+ */
+public interface AccessControl extends CacheCallback {
+
+  /**
+   * Initialize the callback for a client/peer having the given principal.
+   * 
+   * This is invoked when a new connection from a client/peer is created with
+   * the host. The callback is expected to store authentication information of
+   * the given principal for the different regions for maximum efficiency when
+   * invoking <code>authorizeOperation</code> in each operation.
+   * 
+   * @param principal
+   *                the principal associated with the authenticated client or
+   *                peer; a null principal implies an unauthenticated client
+   *                which should be handled properly by implementations
+   * @param remoteMember
+   *                the {@link DistributedMember} object for the remote
+   *                authenticated client or peer
+   * @param cache
+   *                reference to the cache object
+   * 
+   * @throws NotAuthorizedException
+   *                 if some exception condition happens during the
+   *                 initialization; in such a case all subsequent client
+   *                 operations on that connection will throw
+   *                 <code>NotAuthorizedException</code>
+   */
+  void init(Principal principal, DistributedMember remoteMember,
+      Cache cache) throws NotAuthorizedException;
+
+  default void init(Principal principal, DistributedMember remoteMember) throws NotAuthorizedException {
+    init(principal, remoteMember, null);
+  }
+
+  default void init(Principal principal) throws NotAuthorizedException {
+    init(principal, null, null);
+  }
+
+  /**
+   * Check if the given operation is allowed for the cache/region.
+   * 
+   * This method is invoked in each cache and region level operation. It is,
+   * therefore, expected that as far as possible relevant information has been
+   * cached in the <code>init</code> call made when the connection was
+   * established so that this call is as quick as possible.
+   * 
+   * @param regionName
+   *                When null then it indicates a cache-level operation (i.e.
+   *                one of {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#REGION_DESTROY} or
+   *                {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#QUERY}, else the name of the region
+   *                for the operation.
+   * @param context
+   *                When invoked before the operation then the data required by
+   *                the operation. When invoked as a post-process filter then it
+   *                contains the result of the operation. The data in the
+   *                context can be possibly modified by the method.
+   * 
+   * @return true if the operation is authorized and false otherwise
+   * 
+   */
+  boolean authorizeOperation(String regionName, OperationContext context);
+
+}
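Review bot: The `package com.gemstone.gemfire.security;` declaration and the `com.gemstone.gemfire.*` imports do not match the new location `org/apache/geode/security/AccessControl.java`, so the file sits in one namespace and declares another. The same mismatch is present in the AuthInitialize, AuthenticationFailedException, AuthenticationRequiredException, Authenticator and GemFireSecurityException sections that follow. If the package rename is deliberately deferred to a later step, the commit message should say so; otherwise the line would become `package org.apache.geode.security;`. Separately, `{@link SecurityManager}` in the `@deprecated` tag is unqualified and no import for it is visible, so unless a `SecurityManager` type exists in this package it resolves to `java.lang.SecurityManager`. A fully qualified link would remove that doubt, here and in the identical tag on Authenticator.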

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java b/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
new file mode 100644
index 0000000..e92772b
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.util.Properties;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.CacheCallback;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+
+// TODO Add example usage of this interface and configuration details
+/**
+ * Specifies the mechanism to obtain credentials for a client or peer. It is
+ * mandatory for clients and peers when running in secure mode and an
+ * {@link Authenticator} has been configured on the server/locator side
+ * respectively. Implementations should register name of the static creation
+ * function (that returns an object of the class) as the
+ * <i>security-peer-auth-init</i> system property on peers and as the
+ * <i>security-client-auth-init</i> system property on clients.
+ * 
+ * @since GemFire 5.5
+ */
+public interface AuthInitialize extends CacheCallback {
+
+  /**
+   * Initialize the callback for a client/peer. This is invoked when a new
+   * connection from a client/peer is created with the host.
+   * 
+   * @param systemLogger
+   *                {@link LogWriter} for system logs
+   * @param securityLogger
+   *                {@link LogWriter} for security logs
+   * 
+   * @throws AuthenticationFailedException
+   *                 if some exception occurs during the initialization
+   *
+   *  @deprecated since Geode 1.0, use init()
+   */
+  public void init(LogWriter systemLogger, LogWriter securityLogger)
+      throws AuthenticationFailedException;
+
+  /**
+   * @since Geode 1.0. implement this method instead of init with logwriters.
+   * Implementation should use log4j instead of these loggers.
+   */
+  default public void init(){
+    GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
+    init(cache.getLogger(), cache.getSecurityLogger());
+  }
+  /**
+   * Initialize with the given set of security properties and return the
+   * credentials for the peer/client as properties.
+   * 
+   * This method can modify the given set of properties. For example it may
+   * invoke external agents or even interact with the user.
+   * 
+   * Normally it is expected that implementations will filter out <i>security-*</i>
+   * properties that are needed for credentials and return only those.
+   * 
+   * @param securityProps
+   *                the security properties obtained using a call to
+   *                {@link DistributedSystem#getSecurityProperties} that will be
+   *                used for obtaining the credentials
+   * @param server
+   *                the {@link DistributedMember} object of the
+   *                server/group-coordinator to which connection is being
+   *                attempted
+   * @param isPeer
+   *                true when this is invoked for peer initialization and false
+   *                when invoked for client initialization
+   * 
+   * @throws AuthenticationFailedException
+   *                 in case of failure to obtain the credentials
+   * 
+   * @return the credentials to be used for the given <code>server</code>
+   */
+  public Properties getCredentials(Properties securityProps,
+      DistributedMember server, boolean isPeer)
+      throws AuthenticationFailedException;
+}
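Review bot: The default `init()` dereferences the result of `GemFireCacheImpl.getInstance()` without a null check, so an implementation relying on it would fail with a NullPointerException if no cache instance exists yet when credentials are first requested; whether that ordering can occur depends on code outside this hunk. Since this is the credential-acquisition path, an explicit failure is easier to diagnose, for example `if (cache == null) { throw new IllegalStateException("cache not created"); }` before the delegating call, or a Javadoc sentence stating that a cache must already exist. The Javadoc on the same method also puts its guidance inside the `@since` tag; moving "implement this method instead of init with logwriters" into the description and leaving `@since Geode 1.0` on its own line would render correctly.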

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java b/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java
new file mode 100644
index 0000000..3ab728f
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+/**
+ * Thrown if authentication of this client/peer fails.
+ * 
+ * @since GemFire 5.5
+ */
+public class AuthenticationFailedException extends GemFireSecurityException {
+private static final long serialVersionUID = -8202866472279088879L;
+
+  // TODO Derive from SecurityException
+  /**
+   * Constructs instance of <code>AuthenticationFailedException</code> with
+   * error message.
+   * 
+   * @param message
+   *                the error message
+   */
+  public AuthenticationFailedException(String message) {
+    super(message);
+  }
+
+  /**
+   * Constructs instance of <code>AuthenticationFailedException</code> with
+   * error message and cause.
+   * 
+   * @param message
+   *                the error message
+   * @param cause
+   *                a <code>Throwable</code> that is a cause of this exception
+   */
+  public AuthenticationFailedException(String message, Throwable cause) {
+    super(message, cause);
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java b/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java
new file mode 100644
index 0000000..f67af39
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+/**
+ * Thrown if the distributed system is in secure mode and this client/peer has
+ * not set the security credentials.
+ * 
+ * @since GemFire 5.5
+ */
+public class AuthenticationRequiredException extends GemFireSecurityException {
+private static final long serialVersionUID = 4675976651103154919L;
+
+  /**
+   * Constructs instance of <code>NotAuthenticatedException</code> with error
+   * message.
+   * 
+   * @param message
+   *                the error message
+   */
+  public AuthenticationRequiredException(String message) {
+    super(message);
+  }
+
+  /**
+   * Constructs instance of <code>NotAuthenticatedException</code> with error
+   * message and cause.
+   * 
+   * @param message
+   *                the error message
+   * @param cause
+   *                a <code>Throwable</code> that is a cause of this exception
+   */
+  public AuthenticationRequiredException(String message, Throwable cause) {
+    super(message, cause);
+  }
+
+}
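Review bot: Both constructor Javadoc comments name the wrong class: they read `Constructs instance of <code>NotAuthenticatedException</code>` on `AuthenticationRequiredException(String)` and on `AuthenticationRequiredException(String, Throwable)`. No `NotAuthenticatedException` appears in this change, so the text presumably predates an earlier rename. It should read `Constructs instance of <code>AuthenticationRequiredException</code> with error message.` and, for the second constructor, `... with error message and cause.` The `serialVersionUID` line is also flush left while the rest of the class body is indented two spaces.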

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/Authenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/Authenticator.java b/geode-core/src/main/java/org/apache/geode/security/Authenticator.java
new file mode 100644
index 0000000..f66f092
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/Authenticator.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.CacheCallback;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+
+/**
+ * Specifies the mechanism to verify credentials for a client or peer.
+ * Implementations should register name of the static creation function as the
+ * <code>security-peer-authenticator</code> system property with all the
+ * locators in the distributed system for peer authentication, and as
+ * <code>security-client-authenticator</code> for client authentication. For
+ * P2P an object is initialized on the group coordinator for each member during
+ * the {@link DistributedSystem#connect(Properties)} call of a new member. For
+ * client-server, an object of this class is created for each connection during
+ * the client-server handshake.
+ * 
+ * The static creation function should have the following signature:
+ * <code>public static Authenticator [method-name]();</code> i.e. it should be
+ * a zero argument function.
+ * 
+ * @since GemFire 5.5
+ *
+ * @deprecated since Geode 1.0, use {@link SecurityManager} instead
+ */
+public interface Authenticator extends CacheCallback {
+
+  /**
+   * Initialize the callback for a client/peer. This is invoked when a new
+   * connection from a client/peer is created with the host.
+   * 
+   * @param securityProps
+   *                the security properties obtained using a call to
+   *                {@link DistributedSystem#getSecurityProperties}
+   * @param systemLogger
+   *                {@link LogWriter} for system logs
+   * @param securityLogger
+   *                {@link LogWriter} for security logs
+   * 
+   * @throws AuthenticationFailedException
+   *                 if some exception occurs during the initialization
+   */
+  void init(Properties securityProps, LogWriter systemLogger,
+      LogWriter securityLogger) throws AuthenticationFailedException;
+
+  default void init(Properties securityProps)  throws AuthenticationFailedException{
+    init(securityProps, null, null);
+  }
+
+  /**
+   * Verify the credentials provided in the properties for the client/peer as
+   * specified in member ID and returns the principal associated with the
+   * client/peer.
+   * 
+   * @param props
+   *                the credentials of the client/peer as a set of property
+   *                key/values
+   * @param member
+   *                the {@link DistributedMember} object of the connecting
+   *                client/peer member. NULL when invoked locally on the 
+   *                member initiating the authentication request.
+   * 
+   * @return the principal for the client/peer when authentication succeeded
+   * 
+   * @throws AuthenticationFailedException
+   *                 If the authentication of the client/peer fails.
+   */
+  Principal authenticate(Properties props, DistributedMember member)
+      throws AuthenticationFailedException;
+
+  default Principal authenticate(Properties props) throws AuthenticationFailedException{
+    return authenticate(props, null);
+  }
+
+}
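Review bot: The one-argument `init(Properties)` default passes `null` for both loggers, but the Javadoc on `init(Properties, LogWriter, LogWriter)` does not say that `systemLogger` and `securityLogger` may be null. An existing implementation that logs during initialization would then throw a NullPointerException rather than `AuthenticationFailedException`, and how callers treat that on the authentication path is not visible here. I would extend both `@param` entries with something like `may be null when invoked through init(Properties); implementations must not assume a logger is present`, and give the two default methods their own Javadoc. The `init(Principal)` and `init(Principal, DistributedMember)` defaults in AccessControl pass null for `remoteMember` and `cache` in the same way and need the same note.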

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java b/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java
new file mode 100644
index 0000000..049137d
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import javax.naming.NamingException;
+
+import com.gemstone.gemfire.GemFireException;
+
+/**
+ * The base class for all com.gemstone.gemfire.security package related
+ * exceptions.
+ * 
+ * @since GemFire 5.5
+ */
+public class GemFireSecurityException extends GemFireException {
+
+  private static final long serialVersionUID = 3814254578203076926L;
+
+  private Throwable cause;
+
+  /**
+   * Constructs a new exception with the specified detail message.
+   *
+   * @param  message the detail message (which is saved for later retrieval
+   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
+   *         is permitted.)
+   */
+  public GemFireSecurityException(final String message) {
+    this(message, null);
+  }
+
+  /**
+   * Constructs a new exception with the specified cause.
+   *
+   * <p>Note that the detail message associated with {@code cause} <i>is</i>
+   * automatically used as this exception's detail message.
+   *
+   * @param  cause the cause (which is saved for later retrieval by the
+   *         {@link #getCause()} method).  (A <tt>null</tt> value is
+   *         permitted, and indicates that the cause is nonexistent or
+   *         unknown.)
+   */
+  public GemFireSecurityException(final Throwable cause) {
+    this(cause != null ? cause.getMessage() : null, cause);
+  }
+
+  /**
+   * Constructs a new exception with the specified detail message and cause.
+   *
+   * <p>If {@code message} is null, then the detail message associated with
+   * {@code cause} <i>is</i> automatically used as this exception's detail
+   * message.
+   *
+   * @param  message the detail message (which is saved for later retrieval
+   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
+   *         is permitted.)
+   * @param  cause the cause (which is saved for later retrieval by the
+   *         {@link #getCause()} method).  (A <tt>null</tt> value is
+   *         permitted, and indicates that the cause is nonexistent or
+   *         unknown.)
+   */
+  public GemFireSecurityException(final String message, final Throwable cause) {
+    super(message != null ? message : (cause != null ? cause.getMessage() : null));
+    this.cause = cause;
+  }
+
+  @Override
+  public final synchronized Throwable getCause() {
+    return (this.cause == this ? null : this.cause);
+  }
+
+  /**
+   * Returns true if the provided {@code object} implements {@code Serializable}.
+   *
+   * @param  object the {@code object} to test for implementing {@code Serializable}.
+   * @return true if the provided {@code object} implements {@code Serializable}.
+   */
+  protected final boolean isSerializable(final Object object) {
+    if (object == null) {
+      return true;
+    }
+    return Serializable.class.isInstance(object);
+  }
+
+  /**
+   * Returns {@link NamingException#getResolvedObj()} if the {@code cause}
+   * is a {@code NamingException}. Returns <tt>null</tt> for any other type
+   * of {@code cause}.
+   *
+   * @return {@code NamingException#getResolvedObj()} if the {@code cause}
+   *         is a {@code NamingException}.
+   */
+  protected final Object getResolvedObj() {
+    final Throwable thisCause = this.cause;
+    if (thisCause != null && NamingException.class.isInstance(thisCause)) {
+      return ((NamingException) thisCause).getResolvedObj();
+    }
+    return null;
+  }
+
+  private synchronized void writeObject(final ObjectOutputStream out) throws IOException {
+    final Object resolvedObj = getResolvedObj();
+    if (isSerializable(resolvedObj)) {
+      out.defaultWriteObject();
+    } else {
+      final NamingException namingException = (NamingException) getCause();
+      namingException.setResolvedObj(null);
+      try {
+        out.defaultWriteObject();
+      } finally {
+        namingException.setResolvedObj(resolvedObj);
+      }
+    }
+  }
+}
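Review bot: `writeObject` decides whether to keep the cause's resolved object with `isSerializable`, which is only an `instanceof Serializable` test on the top-level object, so a resolved object that implements `Serializable` but holds a non-serializable field would still make `defaultWriteObject()` throw. The else branch also clears and restores `resolvedObj` on the shared `NamingException` while holding only this exception's monitor, so another thread reading that cause during serialization can observe `null`. Both limits deserve a comment above `writeObject`, for example `// shallow Serializable check only; temporarily clears the cause's resolvedObj, not safe against concurrent readers of the cause`. Separately, the class keeps its own `cause` field and makes `getCause()` final without overriding `initCause`, so a later `initCause(x)` would presumably not be reflected by `getCause()`; this is worth confirming against `GemFireException`, which is not visible here.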

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java b/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java
new file mode 100644
index 0000000..2e834f8
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java
@@ -0,0 +1,134 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+import java.security.Principal;
+import javax.naming.NamingException;
+
+/**
+ * Thrown when a client/peer is unauthorized to perform a requested operation.
+ * 
+ * @since GemFire 5.5
+ */
+public class NotAuthorizedException extends GemFireSecurityException {
+
+  private static final long serialVersionUID = 419215768216387745L;
+
+  private Principal principal = null;
+
+  /**
+   * Constructs a new exception with the specified detail message and
+   * principal.
+   *
+   * @param  message the detail message (which is saved for later retrieval
+   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
+   *         is permitted.)
+   */
+  public NotAuthorizedException(final String message) {
+    this(message, null, null);
+  }
+
+  /**
+   * Constructs a new exception with the specified detail message and cause.
+   *
+   * <p>If {@code message} is null, then the detail message associated with
+   * {@code cause} <i>is</i> automatically used as this exception's detail
+   * message.
+   *
+   * @param  message the detail message (which is saved for later retrieval
+   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
+   *         is permitted.)
+   * @param  cause the cause (which is saved for later retrieval by the
+   *         {@link #getCause()} method).  (A <tt>null</tt> value is
+   *         permitted, and indicates that the cause is nonexistent or
+   *         unknown.)
+   */
+  public NotAuthorizedException(final String message, final Throwable cause) {
+    this(message, cause, null);
+  }
+
+  /**
+   * Constructs a new exception with the specified detail message and
+   * principal.
+   *
+   * @param  message the detail message (which is saved for later retrieval
+   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
+   *         is permitted.)
+   * @param  principal the principal for which authorization failed.
+   *         (A <tt>null</tt> value is permitted.)
+   */
+  public NotAuthorizedException(final String message, final Principal principal) {
+    this(message, null, principal);
+  }
+
+  /**
+   * Constructs a new exception with the specified detail message, cause and
+   * principal.
+   *
+   * <p>If {@code message} is null, then the detail message associated with
+   * {@code cause} <i>is</i> automatically used as this exception's detail
+   * message.
+   *
+   * @param  message the detail message (which is saved for later retrieval
+   *         by the {@link #getMessage()} method).  (A <tt>null</tt> value
+   *         is permitted.)
+   * @param  cause the cause (which is saved for later retrieval by the
+   *         {@link #getCause()} method).  (A <tt>null</tt> value is
+   *         permitted, and indicates that the cause is nonexistent or
+   *         unknown.)
+   * @param  principal the principal for which authorization failed.
+   *         (A <tt>null</tt> value is permitted.)
+   */
+  public NotAuthorizedException(final String message, final Throwable cause, final Principal principal) {
+    super(message, cause);
+    this.principal = principal;
+  }
+
+  /**
+   * Returns the {@code principal} for which authorization failed.
+   *
+   * @return the {@code principal} for which authorization failed.
+   */
+  public synchronized Principal getPrincipal() {
+    return this.principal;
+  }
+
+  private synchronized void writeObject(final ObjectOutputStream out) throws IOException {
+    final Principal thisPrincipal = this.principal;
+    if (!isSerializable(thisPrincipal)) {
+      this.principal = null;
+    }
+
+    final Object resolvedObj = getResolvedObj();
+    NamingException namingException = null;
+    if (!isSerializable(resolvedObj)) {
+      namingException = (NamingException) getCause();
+      namingException.setResolvedObj(null);
+    }
+
+    try {
+      out.defaultWriteObject();
+    } finally {
+      this.principal = thisPrincipal;
+      if (namingException != null) {
+        namingException.setResolvedObj(resolvedObj);
+      }
+    }
+  }
+}
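Review bot: In `writeObject`, a principal that is not `Serializable` is replaced with `null` for the duration of the write, so the receiving side gets a `NotAuthorizedException` whose `getPrincipal()` is `null`, and the identity that was denied is lost for logging or audit there. The `getPrincipal()` Javadoc should say so, e.g. `@return the principal for which authorization failed, or null if none was supplied or it was not Serializable when this exception was serialized`. If the identity matters on the remote side, keeping `principal.getName()` in a separate `String` field would survive the transfer. The Javadoc of the single-argument constructor also says "detail message and principal" although it takes only `message`.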

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/package.html
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/package.html b/geode-core/src/main/java/org/apache/geode/security/package.html
new file mode 100644
index 0000000..7772765
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/package.html
@@ -0,0 +1,39 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<HTML>
+<BODY>
+
+<P>Provides an API for plugging in authentication and authorization
+for members of a distributed system and clients.
+
+<H3>GemFire security framework</H3>
+The security framework tackles two requirements: authentication of nodes
+and authorization for operations. The authentication piece deals with
+authentication of nodes in a peer-to-peer network as well as of the clients
+that connect to the servers.
+
+<P>
+<I>
+It is not our plan to provide a sophisticated security infrastructure
+built into GemFire. Most enterprise customers have their own authentication
+and entitlement management infrastructure and our plan is make sure the
+framework allows application administrators to delegate the responsibility
+to external providers.
+</I>
+
+</BODY>
+</HTML>

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java
deleted file mode 100644
index fd38814..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static org.assertj.core.api.Assertions.*;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Properties;
-
-import org.apache.geode.security.templates.SampleSecurityManager;
-import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
-import org.junit.Before;
-
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.CacheFactory;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.RegionShortcut;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.cache.server.CacheServer;
-import com.gemstone.gemfire.distributed.*;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-import com.gemstone.gemfire.test.dunit.Host;
-import com.gemstone.gemfire.test.dunit.Invoke;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
-
-public class AbstractSecureServerDUnitTest extends JUnit4CacheTestCase {
-
-  protected static final String REGION_NAME = "AuthRegion";
-
-  protected VM client1 = null;
-  protected VM client2 = null;
-  protected VM client3 = null;
-  protected int serverPort;
-
-  // child classes can customize these parameters
-  protected Class postProcessor = null;
-  protected boolean pdxPersistent = false;
-  protected int jmxPort = 0;
-  protected int restPort = 0;
-  protected Map<String, Object> values;
-  protected volatile Properties dsProperties;
-
-  public AbstractSecureServerDUnitTest(){
-    values = new HashMap();
-    for(int i=0; i<5; i++){
-      values.put("key"+i, "value"+i);
-    }
-  }
-
-  @Before
-  public void before() throws Exception {
-    final Host host = Host.getHost(0);
-    this.client1 = host.getVM(1);
-    this.client2 = host.getVM(2);
-    this.client3 = host.getVM(3);
-
-    Properties props = new Properties();
-    props.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json");
-    props.setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
-//    props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
-    props.setProperty(LOCATORS, "");
-    props.setProperty(MCAST_PORT, "0");
-    if (postProcessor!=null) {
-      props.setProperty(SECURITY_POST_PROCESSOR, postProcessor.getName());
-    }
-    props.setProperty(SECURITY_LOG_LEVEL, "finest");
-
-    props.setProperty("security-pdx", pdxPersistent+"");
-    if(jmxPort>0){
-      props.put(JMX_MANAGER, "true");
-      props.put(JMX_MANAGER_START, "true");
-      props.put(JMX_MANAGER_PORT, String.valueOf(jmxPort));
-    }
-
-    if(restPort>0){
-      props.setProperty(START_DEV_REST_API, "true");
-      props.setProperty(HTTP_SERVICE_BIND_ADDRESS, "localhost");
-      props.setProperty(HTTP_SERVICE_PORT, restPort+"");
-    }
-
-    props.put(ConfigurationProperties.ENABLE_NETWORK_PARTITION_DETECTION, "false");
-    
-    this.dsProperties = props;
-
-    getSystem(props);
-
-    CacheFactory cf = new CacheFactory();
-    cf.setPdxPersistent(pdxPersistent);
-    cf.setPdxReadSerialized(pdxPersistent);
-    Cache cache = getCache(cf);
-
-    Region region = cache.createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME);
-
-    CacheServer server = cache.addCacheServer();
-    server.setPort(0);
-    server.start();
-
-    this.serverPort = server.getPort();
-
-    for(Entry entry:values.entrySet()){
-      region.put(entry.getKey(), entry.getValue());
-    }
-  }
-
-  @Override
-  public Properties getDistributedSystemProperties() {
-    return dsProperties;
-  }
-
-  @Override
-  public void preTearDownCacheTestCase() throws Exception {
-    Invoke.invokeInEveryVM(()->closeCache());
-    closeCache();
-  }
-
-  public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString) {
-    assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
-  }
-
-  public static Properties createClientProperties(String userName, String password) {
-    Properties props = new Properties();
-    props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
-    props.setProperty(UserPasswordAuthInit.PASSWORD, password);
-    props.setProperty(LOG_LEVEL, "fine");
-    props.setProperty(LOCATORS, "");
-    props.setProperty(MCAST_PORT, "0");
-    props.setProperty(SECURITY_CLIENT_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
-    props.setProperty(SECURITY_LOG_LEVEL, "finest");
-    return props;
-  }
-
-  public static ClientCache createClientCache(String username, String password, int serverPort){
-    ClientCache cache = new ClientCacheFactory(createClientProperties(username, password))
-      .setPoolSubscriptionEnabled(true)
-      .addPoolServer("localhost", serverPort)
-      .create();
-
-    cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
-    return cache;
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
deleted file mode 100644
index dbc782f..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- *   http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.FlakyTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-/**
- * Test for authentication from client to server. This tests for both valid and
- * invalid credentials/modules. It also checks for authentication
- * success/failure in case of failover and for the notification channel.
- * 
- * @since GemFire 5.5
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public class ClientAuthenticationDUnitTest extends ClientAuthenticationTestCase {
-
-  @Test
-  public void testValidCredentials() throws Exception {
-    doTestValidCredentials(false);
-  }
-
-  @Test
-  public void testNoCredentials() throws Exception {
-    doTestNoCredentials(false);
-  }
-
-  @Test
-  public void testInvalidCredentials() throws Exception {
-    doTestInvalidCredentials(false);
-  }
-
-  @Test
-  public void testInvalidAuthInit() throws Exception {
-    doTestInvalidAuthInit(false);
-  }
-
-  @Test
-  public void testNoAuthInitWithCredentials() throws Exception {
-    doTestNoAuthInitWithCredentials(false);
-  }
-
-  @Test
-  public void testInvalidAuthenticator() throws Exception {
-    doTestInvalidAuthenticator(false);
-  }
-
-  @Test
-  public void testNoAuthenticatorWithCredentials() throws Exception {
-    doTestNoAuthenticatorWithCredentials(false);
-  }
-
-  @Test
-  public void testCredentialsWithFailover() throws Exception {
-    doTestCredentialsWithFailover(false);
-  }
-
-  @Category(FlakyTest.class) // GEODE-838: random ports, thread sleeps, time sensitive
-  @Test
-  public void testCredentialsForNotifications() throws Exception {
-    doTestCredentialsForNotifications(false);
-  }
-
-  @Ignore("Disabled for unknown reason")
-  @Test
-  public void testValidCredentialsForMultipleUsers() throws Exception {
-    doTestValidCredentials(true);
-  }
-}



[02/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/PKCSAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/PKCSAuthenticator.java b/geode-core/src/test/java/org/apache/geode/security/templates/PKCSAuthenticator.java
new file mode 100755
index 0000000..ac5939d
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/PKCSAuthenticator.java
@@ -0,0 +1,158 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.templates;
+
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.Principal;
+import java.security.Signature;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.spec.InvalidKeySpecException;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.logging.log4j.Logger;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.Authenticator;
+
+/**
+ * An implementation of {@link Authenticator} that uses PKCS.
+ */
+public class PKCSAuthenticator implements Authenticator {
+
+  private static final Logger logger = LogService.getLogger();
+
+  public static final String PUBLIC_KEY_FILE = "security-publickey-filepath";
+  public static final String PUBLIC_KEYSTORE_PASSWORD = "security-publickey-pass";
+
+  private String pubKeyFilePath;
+  private String pubKeyPass;
+  private Map aliasCertificateMap;
+
+  private LogWriter systemLogWriter;
+  private LogWriter securityLogWriter;
+
+  public static Authenticator create() {
+    return new PKCSAuthenticator();
+  }
+
+  @Override
+  public void init(final Properties securityProperties, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
+    this.systemLogWriter = systemLogWriter;
+    this.securityLogWriter = securityLogWriter;
+
+    this.pubKeyFilePath = securityProperties.getProperty(PUBLIC_KEY_FILE);
+    if (this.pubKeyFilePath == null) {
+      throw new AuthenticationFailedException("PKCSAuthenticator: property " + PUBLIC_KEY_FILE + " not specified as the public key file.");
+    }
+
+    this.pubKeyPass = securityProperties.getProperty(PUBLIC_KEYSTORE_PASSWORD);
+    this.aliasCertificateMap = new HashMap();
+
+    populateMap();
+  }
+
+  @Override
+  public Principal authenticate(final Properties credentials, final DistributedMember member) throws AuthenticationFailedException {
+    final String alias = (String)credentials.get(PKCSAuthInit.KEYSTORE_ALIAS);
+    if (alias == null || alias.length() <= 0) {
+      throw new AuthenticationFailedException("No alias received");
+    }
+
+    try {
+      final X509Certificate cert = getCertificate(alias);
+      if (cert == null) {
+        throw newException("No certificate found for alias:" + alias);
+      }
+
+      final byte[] signatureBytes = (byte[])credentials.get(PKCSAuthInit.SIGNATURE_DATA);
+      if (signatureBytes == null) {
+        throw newException("signature data property [" + PKCSAuthInit.SIGNATURE_DATA + "] not provided");
+      }
+
+      final Signature sig = Signature.getInstance(cert.getSigAlgName());
+      sig.initVerify(cert);
+      sig.update(alias.getBytes("UTF-8"));
+
+      if (!sig.verify(signatureBytes)) {
+        throw newException("verification of client signature failed");
+      }
+
+      return new PKCSPrincipal(alias);
+
+    } catch (Exception ex) {
+      throw newException(ex.toString(), ex);
+    }
+  }
+
+  @Override
+  public void close() {
+  }
+
+  private void populateMap() {
+    try {
+      final KeyStore keyStore = KeyStore.getInstance("JKS");
+      final char[] passPhrase = this.pubKeyPass != null ? this.pubKeyPass.toCharArray() : null;
+      final FileInputStream keyStoreFile = new FileInputStream(this.pubKeyFilePath);
+
+      try {
+        keyStore.load(keyStoreFile, passPhrase);
+      } finally {
+        keyStoreFile.close();
+      }
+
+      for (Enumeration e = keyStore.aliases(); e.hasMoreElements();) {
+        final Object alias = e.nextElement();
+        final Certificate cert = keyStore.getCertificate((String)alias);
+        if (cert instanceof X509Certificate) {
+          this.aliasCertificateMap.put(alias, cert);
+        }
+      }
+
+    } catch (Exception e) {
+      throw new AuthenticationFailedException("Exception while getting public keys: " + e.getMessage(), e);
+    }
+  }
+
+  private AuthenticationFailedException newException(final String message, final Exception cause) {
+    final String fullMessage = "PKCSAuthenticator: Authentication of client failed due to: " + message;
+    if (cause != null) {
+      return new AuthenticationFailedException(fullMessage, cause);
+    } else {
+      return new AuthenticationFailedException(fullMessage);
+    }
+  }
+
+  private AuthenticationFailedException newException(final String message) {
+    return newException(message, null);
+  }
+
+  private X509Certificate getCertificate(final String alias) throws NoSuchAlgorithmException, InvalidKeySpecException {
+    if (this.aliasCertificateMap.containsKey(alias)) {
+      return (X509Certificate) this.aliasCertificateMap.get(alias);
+    }
+    return null;
+  }
+}
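Review bot: `authenticate` verifies the signature over `alias.getBytes("UTF-8")` only, a value that is fixed per user, so a valid `SIGNATURE_DATA` never changes and the check gives no proof of freshness; a previously observed alias/signature pair would verify again. Whether the surrounding handshake protects these properties in transit is not visible in this hunk, so the class Javadoc should at least state that this template is a sample and that the signed data carries no challenge or timestamp. The certificate is also used without an expiry check; `cert.checkValidity();` before `sig.initVerify(cert);` would reject expired or not-yet-valid entries. Finally, `catch (Exception ex)` also catches the `AuthenticationFailedException`s thrown inside the `try`, so their message is wrapped a second time through `ex.toString()`.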

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/PKCSPrincipal.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/PKCSPrincipal.java b/geode-core/src/test/java/org/apache/geode/security/templates/PKCSPrincipal.java
new file mode 100755
index 0000000..4a6c45e
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/PKCSPrincipal.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security.templates;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+public class PKCSPrincipal implements Principal, Serializable {
+
+  private final String alias;
+
+  public PKCSPrincipal(final String alias) {
+    this.alias = alias;
+  }
+
+  @Override
+  public String getName() {
+    return this.alias;
+  }
+
+  @Override
+  public String toString() {
+    return this.alias;
+  }
+}
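Review bot: `PKCSPrincipal` does not override `equals` and `hashCode`, so two principals built from the same alias compare unequal, including an instance and its deserialized copy; any code that compares principals or uses them as map or set keys would treat the same identity as different (whether callers do so is not visible here). The class is also `Serializable` without a declared `serialVersionUID`, unlike the exception classes in this commit; `private static final long serialVersionUID = 1L;` would pin the serialized form. The fence below adds value-based equality on `alias`.

```java
public class PKCSPrincipal implements Principal, Serializable {

  // … unchanged: alias field, constructor, getName(), toString() …

  @Override
  public boolean equals(final Object other) {
    if (this == other) {
      return true;
    }
    if (!(other instanceof PKCSPrincipal)) {
      return false;
    }
    final String otherAlias = ((PKCSPrincipal) other).alias;
    return this.alias == null ? otherAlias == null : this.alias.equals(otherAlias);
  }

  @Override
  public int hashCode() {
    return this.alias == null ? 0 : this.alias.hashCode();
  }
```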

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/PKCSPrincipalTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/PKCSPrincipalTest.java b/geode-core/src/test/java/org/apache/geode/security/templates/PKCSPrincipalTest.java
new file mode 100644
index 0000000..95cd99c
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/PKCSPrincipalTest.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.templates;
+
+import static org.assertj.core.api.Assertions.*;
+
+import java.io.Serializable;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
+/**
+ * Unit tests for {@link PKCSPrincipal}
+ */
+@Category({ UnitTest.class, SecurityTest.class })
+public class PKCSPrincipalTest {
+
+  @Test
+  public void isSerializable() throws Exception {
+    assertThat(PKCSPrincipal.class).isInstanceOf(Serializable.class);
+  }
+
+  @Test
+  public void canBeSerialized() throws Exception {
+    String name = "jsmith";
+    PKCSPrincipal instance = new PKCSPrincipal(name);
+
+    PKCSPrincipal cloned = (PKCSPrincipal) SerializationUtils.clone(instance);
+
+    assertThat(cloned.getName()).isEqualTo(name);
+  }
+}
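Review bot: The assertion in isSerializable() cannot fail. `PKCSPrincipal.class` is a java.lang.Class object, and Class itself implements Serializable, so `isInstanceOf(Serializable.class)` passes even if PKCSPrincipal stops implementing the interface. Check the type relationship instead: `assertThat(Serializable.class).isAssignableFrom(PKCSPrincipal.class);`. UsernamePrincipalTest.isSerializable() in this commit has the same always-true assertion and needs the same change.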

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/UserPasswordAuthInit.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/UserPasswordAuthInit.java b/geode-core/src/test/java/org/apache/geode/security/templates/UserPasswordAuthInit.java
new file mode 100755
index 0000000..76c6987
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/UserPasswordAuthInit.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.templates;
+
+import java.util.Properties;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.security.AuthInitialize;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+
+/**
+ * An {@link AuthInitialize} implementation that obtains the user name and
+ * password as the credentials from the given set of properties.
+ * 
+ * To use this class the {@code security-client-auth-init} property should be
+ * set to the fully qualified name the static {@code create} method
+ * viz. {@code com.gemstone.gemfire.security.templates.UserPasswordAuthInit.create}
+ * 
+ * @since GemFire 5.5
+ */
+public class UserPasswordAuthInit implements AuthInitialize {
+
+  public static final String USER_NAME = "security-username";
+  public static final String PASSWORD = "security-password";
+
+  protected LogWriter systemLogWriter;
+  protected LogWriter securityLogWriter;
+
+  public static AuthInitialize create() {
+    return new UserPasswordAuthInit();
+  }
+
+  @Override
+  public void init(final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
+    this.systemLogWriter = systemLogWriter;
+    this.securityLogWriter = securityLogWriter;
+  }
+
+  @Override
+  public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
+    String userName = securityProperties.getProperty(USER_NAME);
+    if (userName == null) {
+      throw new AuthenticationFailedException("UserPasswordAuthInit: user name property [" + USER_NAME + "] not set.");
+    }
+
+    String password = securityProperties.getProperty(PASSWORD);
+    if (password == null) {
+      password = "";
+    }
+
+    Properties securityPropertiesCopy = new Properties();
+    securityPropertiesCopy.setProperty(USER_NAME, userName);
+    securityPropertiesCopy.setProperty(PASSWORD, password);
+    return securityPropertiesCopy;
+  }
+
+  @Override
+  public void close() {
+  }
+}
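Review bot: getCredentials() replaces a missing `security-password` with the empty string, so a client whose configuration lacks the property still attempts to authenticate with an empty password, whereas a missing user name fails immediately. If the empty default is deliberate for these test templates, say so at the `password = "";` line, for example `// a missing password is sent as "" on purpose; the server-side authenticator decides whether to accept it`. Otherwise fail the same way as for the user name: `throw new AuthenticationFailedException("UserPasswordAuthInit: password property [" + PASSWORD + "] not set.");`. The class Javadoc is also missing a word and should read "the fully qualified name of the static {@code create} method".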

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/UsernamePrincipal.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/UsernamePrincipal.java b/geode-core/src/test/java/org/apache/geode/security/templates/UsernamePrincipal.java
new file mode 100755
index 0000000..4eefe46
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/UsernamePrincipal.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.templates;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * An implementation of {@link Principal} class for a simple user name.
+ * 
+ * @since GemFire 5.5
+ */
+public class UsernamePrincipal implements Principal, Serializable {
+
+  private final String userName;
+
+  public UsernamePrincipal(final String userName) {
+    this.userName = userName;
+  }
+
+  @Override
+  public String getName() {
+    return this.userName;
+  }
+
+  @Override
+  public String toString() {
+    return this.userName;
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/UsernamePrincipalTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/UsernamePrincipalTest.java b/geode-core/src/test/java/org/apache/geode/security/templates/UsernamePrincipalTest.java
new file mode 100644
index 0000000..7fbb454
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/UsernamePrincipalTest.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.templates;
+
+import static org.assertj.core.api.Assertions.*;
+
+import java.io.Serializable;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
+/**
+ * Unit tests for {@link UsernamePrincipal}
+ */
+@Category({ UnitTest.class, SecurityTest.class })
+public class UsernamePrincipalTest {
+
+  @Test
+  public void isSerializable() throws Exception {
+    assertThat(UsernamePrincipal.class).isInstanceOf(Serializable.class);
+  }
+
+  @Test
+  public void canBeSerialized() throws Exception {
+    String name = "jsmith";
+    UsernamePrincipal instance = new UsernamePrincipal(name);
+
+    UsernamePrincipal cloned = (UsernamePrincipal) SerializationUtils.clone(instance);
+
+    assertThat(cloned.getName()).isEqualTo(name);
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/XmlAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/XmlAuthorization.java b/geode-core/src/test/java/org/apache/geode/security/templates/XmlAuthorization.java
new file mode 100755
index 0000000..4349260
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/XmlAuthorization.java
@@ -0,0 +1,615 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.templates;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.operations.ExecuteFunctionOperationContext;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.cache.operations.QueryOperationContext;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.NotAuthorizedException;
+
+/**
+ * An implementation of the {@link AccessControl} interface that allows
+ * authorization using the permissions as specified in the given XML
+ * file.
+ * 
+ * The format of the XML file is specified in <a href="authz5_5.dtd"/>. It
+ * implements a role-based authorization at the operation level for each region.
+ * Each principal name may be associated with a set of roles. The name of the
+ * principal is obtained using the {@link Principal#getName()} method and no other
+ * information of the principal is utilized. Each role can be provided
+ * permissions to execute operations for each region.
+ * 
+ * The top-level element in the XML is "acl" tag that contains the "role" and
+ * "permission" tags. The "role" tag contains the list of users that have been
+ * given that role. The name of the role is specified in the "role" attribute
+ * and the users are contained in the "user" tags insided the "role" tag.
+ * 
+ * The "permissions" tag contains the list of operations allowed for a
+ * particular region. The role name is specified as the "role" attribute, the
+ * list of comma separated region names as the optional "regions" attribute and
+ * the operation names are contained in the "operation" tags inside the
+ * "permissions" tag. The allowed operation names are: GET, PUT, PUTALL,
+ * DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST, CONTAINS_KEY, KEY_SET,
+ * QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR, REGION_CREATE,
+ * REGION_DESTROY. These correspond to the operations in the
+ * {@link OperationCode} enumeration with the same name.
+ * 
+ * When no region name is specified then the operation is allowed for all
+ * regions in the cache. Any permissions specified for regions using the
+ * "regions" attribute override these permissions. This allows users to provide
+ * generic permissions without any region name, and override for specific
+ * regions specified using the "regions" attribute. A cache-level operation
+ * (e.g. {@link OperationCode#REGION_DESTROY}) specified for a particular region
+ * is ignored i.e. the cache-level operations are only applicable when no region
+ * name is specified. A {@link OperationCode#QUERY} operation is permitted when
+ * either the {@code QUERY} permission is provided at the cache-level for
+ * the user or when {@code QUERY} permission is provided for all the
+ * regions that are part of the query string.
+ * 
+ * Any roles specified in the "user" tag that do not have a specified permission
+ * set using the "permission" tags are ignored. When no {@link Principal} is
+ * associated with the current connection, then empty user name is used to
+ * search for the roles so an empty user name can be used to specify roles of
+ * unauthenticated clients (i.e. {@code Everyone}).
+ * 
+ * This sample implementation is useful only for pre-operation checks and should
+ * not be used for post-operation authorization since it does nothing useful for
+ * post-operation case.
+ * 
+ * @since GemFire 5.5
+ */
+public class XmlAuthorization implements AccessControl {
+
+  public static final String DOC_URI_PROP_NAME = "security-authz-xml-uri";
+
+  private static final Object sync = new Object();
+  private static final String EMPTY_VALUE = "";
+
+  private static final String TAG_ROLE = "role";
+  private static final String TAG_USER = "user";
+  private static final String TAG_PERMS = "permission";
+  private static final String TAG_OP = "operation";
+
+  private static final String ATTR_ROLENAME = "name";
+  private static final String ATTR_ROLE = "role";
+  private static final String ATTR_REGIONS = "regions";
+  private static final String ATTR_FUNCTION_IDS = "functionIds";
+  private static final String ATTR_FUNCTION_OPTIMIZE_FOR_WRITE = "optimizeForWrite";
+  private static final String ATTR_FUNCTION_KEY_SET = "keySet";
+
+  private static String currentDocUri = null;
+  private static Map<String, HashSet<String>> userRoles = null;
+  private static Map<String, Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>>> rolePermissions = null;
+  private static NotAuthorizedException xmlLoadFailure = null;
+
+  private final Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>> allowedOps;
+
+  protected LogWriter systemLogWriter;
+  protected LogWriter securityLogWriter;
+
+  /**
+   * Public static factory method to create an instance of
+   * {@code XmlAuthorization}. The fully qualified name of the class
+   * ({@code com.gemstone.gemfire.security.templates.XmlAuthorization.create})
+   * should be mentioned as the {@code security-client-accessor} system
+   * property to enable pre-operation authorization checks as implemented in
+   * this class.
+   *
+   * @return an object of {@code XmlAuthorization} class
+   */
+  public static AccessControl create() {
+    return new XmlAuthorization();
+  }
+
+  /**
+   * Clear all the statically cached information.
+   */
+  public static void clear() {
+    XmlAuthorization.currentDocUri = null;
+    if (XmlAuthorization.userRoles != null) {
+      XmlAuthorization.userRoles.clear();
+      XmlAuthorization.userRoles = null;
+    }
+    if (XmlAuthorization.rolePermissions != null) {
+      XmlAuthorization.rolePermissions.clear();
+      XmlAuthorization.rolePermissions = null;
+    }
+    XmlAuthorization.xmlLoadFailure = null;
+  }
+
+  /**
+   * Change the region name to a standard format having single '/' as separator
+   * and starting with a '/' as in standard POSIX paths
+   */
+  public static String normalizeRegionName(final String regionName) {
+    if (regionName == null || regionName.length() == 0) {
+      return EMPTY_VALUE;
+    }
+
+    char[] resultName = new char[regionName.length() + 1];
+    boolean changed = false;
+    boolean isPrevCharSlash = false;
+    int startIndex;
+
+    if (regionName.charAt(0) != '/') {
+      changed = true;
+      startIndex = 0;
+    } else {
+      isPrevCharSlash = true;
+      startIndex = 1;
+    }
+
+    resultName[0] = '/';
+    int resultLength = 1;
+
+    // Replace all more than one '/'s with a single '/'
+    for (int index = startIndex; index < regionName.length(); ++index) {
+      char currChar = regionName.charAt(index);
+      if (currChar == '/') {
+        if (isPrevCharSlash) {
+          changed = true;
+          continue;
+        }
+        isPrevCharSlash = true;
+      } else {
+        isPrevCharSlash = false;
+      }
+      resultName[resultLength++] = currChar;
+    }
+
+    // Remove any trailing slash
+    if (resultName[resultLength - 1] == '/') {
+      --resultLength;
+      changed = true;
+    }
+
+    if (changed) {
+      return new String(resultName, 0, resultLength);
+    } else {
+      return regionName;
+    }
+  }
+
+  private XmlAuthorization() {
+    this.allowedOps = new HashMap<String, Map<OperationCode, FunctionSecurityPrmsHolder>>();
+    this.systemLogWriter = null;
+    this.securityLogWriter = null;
+  }
+
+  /**
+   * Initialize the {@code XmlAuthorization} callback for a client having
+   * the given principal.
+   * 
+   * This method caches the full XML authorization file the first time it is
+   * invoked and caches all the permissions for the provided
+   * {@code principal} to speed up lookup the
+   * {@code authorizeOperation} calls. The permissions for the principal
+   * are maintained as a {@link Map} of region name to the {@link HashSet} of
+   * operations allowed for that region. A global entry with region name as
+   * empty string is also made for permissions provided for all the regions.
+   * 
+   * @param  principal
+   *         the principal associated with the authenticated client
+   * @param  cache
+   *         reference to the cache object
+   * @param  remoteMember
+   *         the {@link DistributedMember} object for the remote authenticated
+   *         client
+   * 
+   * @throws NotAuthorizedException
+   *         if some exception condition happens during the initialization
+   *         while reading the XML; in such a case all subsequent client
+   *         operations will throw {@code NotAuthorizedException}
+   */
+  @Override
+  public void init(final Principal principal, final DistributedMember remoteMember, final Cache cache) throws NotAuthorizedException {
+    synchronized (sync) {
+      XmlAuthorization.init(cache);
+    }
+
+    this.systemLogWriter = cache.getLogger();
+    this.securityLogWriter = cache.getSecurityLogger();
+
+    String name;
+    if (principal != null) {
+      name = principal.getName();
+    } else {
+      name = EMPTY_VALUE;
+    }
+
+    HashSet<String> roles = XmlAuthorization.userRoles.get(name);
+    if (roles != null) {
+      for (String roleName : roles) {
+        Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>> regionOperationMap = XmlAuthorization.rolePermissions.get(roleName);
+        if (regionOperationMap != null) {
+          for (Map.Entry<String, Map<OperationCode, FunctionSecurityPrmsHolder>> regionEntry : regionOperationMap.entrySet()) {
+            String regionName = regionEntry.getKey();
+            Map<OperationCode, FunctionSecurityPrmsHolder> regionOperations = this.allowedOps.get(regionName);
+            if (regionOperations == null) {
+              regionOperations = new HashMap<OperationCode, FunctionSecurityPrmsHolder>();
+              this.allowedOps.put(regionName, regionOperations);
+            }
+            regionOperations.putAll(regionEntry.getValue());
+          }
+        }
+      }
+    }
+  }
+
+  /**
+   * Return true if the given operation is allowed for the cache/region.
+   * 
+   * This looks up the cached permissions of the principal in the map for the
+   * provided region name. If none are found then the global permissions with
+   * empty region name are looked up. The operation is allowed if it is found
+   * this permission list.
+   * 
+   * @param  regionName
+   *         When null then it indicates a cache-level operation, else the
+   *         name of the region for the operation.
+   * @param  context
+   *         the data required by the operation
+   * 
+   * @return true if the operation is authorized and false otherwise
+   */
+  @Override
+  public boolean authorizeOperation(String regionName, final OperationContext context) {
+    Map<OperationCode, FunctionSecurityPrmsHolder> operationMap;
+
+    // Check GET permissions for updates from server to client
+    if (context.isClientUpdate()) {
+      operationMap = this.allowedOps.get(regionName);
+      if (operationMap == null && regionName.length() > 0) {
+        operationMap = this.allowedOps.get(EMPTY_VALUE);
+      }
+      if (operationMap != null) {
+        return operationMap.containsKey(OperationCode.GET);
+      }
+      return false;
+    }
+
+    OperationCode opCode = context.getOperationCode();
+    if (opCode.isQuery() || opCode.isExecuteCQ() || opCode.isCloseCQ() || opCode.isStopCQ()) {
+      // First check if cache-level permission has been provided
+      operationMap = this.allowedOps.get(EMPTY_VALUE);
+      boolean globalPermission = (operationMap != null && operationMap .containsKey(opCode));
+      Set<String> regionNames = ((QueryOperationContext)context) .getRegionNames();
+      if (regionNames == null || regionNames.size() == 0) {
+        return globalPermission;
+      }
+
+      for (String r : regionNames) {
+        regionName = normalizeRegionName(r);
+        operationMap = this.allowedOps.get(regionName);
+        if (operationMap == null) {
+          if (!globalPermission) {
+            return false;
+          }
+        } else if (!operationMap.containsKey(opCode)) {
+          return false;
+        }
+      }
+      return true;
+    }
+
+    final String normalizedRegionName = normalizeRegionName(regionName);
+    operationMap = this.allowedOps.get(normalizedRegionName);
+    if (operationMap == null && normalizedRegionName.length() > 0) {
+      operationMap = this.allowedOps.get(EMPTY_VALUE);
+    }
+    if (operationMap != null) {
+      if (context.getOperationCode() != OperationCode.EXECUTE_FUNCTION) {
+        return operationMap.containsKey(context.getOperationCode());
+
+      } else {
+        if (!operationMap.containsKey(context.getOperationCode())) {
+          return false;
+
+        } else {
+          if (!context.isPostOperation()) {
+            FunctionSecurityPrmsHolder functionParameter = operationMap.get(context.getOperationCode());
+            ExecuteFunctionOperationContext functionContext = (ExecuteFunctionOperationContext) context;
+            // OnRegion execution
+            if (functionContext.getRegionName() != null) {
+              if (functionParameter.isOptimizeForWrite() != null && functionParameter.isOptimizeForWrite().booleanValue() != functionContext.isOptimizeForWrite()) {
+                return false;
+              }
+              if (functionParameter.getFunctionIds() != null && !functionParameter.getFunctionIds().contains( functionContext.getFunctionId())) {
+                return false;
+              }
+              if (functionParameter.getKeySet() != null && functionContext.getKeySet() != null) {
+                if (functionContext.getKeySet().containsAll( functionParameter.getKeySet())) {
+                  return false;
+                }
+              }
+              return true;
+
+            } else {// On Server execution
+              if (functionParameter.getFunctionIds() != null && !functionParameter.getFunctionIds().contains(functionContext.getFunctionId())) {
+                return false;
+              }
+              return true;
+            }
+
+          } else {
+            ExecuteFunctionOperationContext functionContext = (ExecuteFunctionOperationContext)context;
+            FunctionSecurityPrmsHolder functionParameter = operationMap.get(context.getOperationCode());
+            if (functionContext.getRegionName() != null) {
+              if (functionContext.getResult() instanceof ArrayList && functionParameter.getKeySet() != null) {
+                ArrayList<String> resultList = (ArrayList)functionContext.getResult();
+                Set<String> nonAllowedKeys = functionParameter.getKeySet();
+                if (resultList.containsAll(nonAllowedKeys)) {
+                  return false;
+                }
+              }
+              return true;
+
+            } else {
+              ArrayList<String> resultList = (ArrayList)functionContext.getResult();
+              final String inSecureItem = "Insecure item";
+              if (resultList.contains(inSecureItem)) {
+                return false;
+              }
+              return true;
+            }
+          }
+        }
+      }
+    }
+    return false;
+  }
+
+  /**
+   * Clears the cached information for this principal.
+   */
+  @Override
+  public void close() {
+    this.allowedOps.clear();
+  }
+
+  /** Get the attribute value for a given attribute name of a node. */
+  private static String getAttributeValue(final Node node, final String attrName) {
+    NamedNodeMap attrMap = node.getAttributes();
+    Node attrNode;
+    if (attrMap != null && (attrNode = attrMap.getNamedItem(attrName)) != null) {
+      return ((Attr)attrNode).getValue();
+    }
+    return EMPTY_VALUE;
+  }
+
+  /** Get the string contained in the first text child of the node. */
+  private static String getNodeValue(final Node node) {
+    NodeList childNodes = node.getChildNodes();
+    for (int index = 0; index < childNodes.getLength(); index++) {
+      Node childNode = childNodes.item(index);
+      if (childNode.getNodeType() == Node.TEXT_NODE) {
+        return childNode.getNodeValue();
+      }
+    }
+    return EMPTY_VALUE;
+  }
+
+  /**
+   * Cache authorization information for all users statically. This method is
+   * not thread-safe and is should either be invoked only once, or the caller
+   * should take the appropriate locks.
+   *
+   * @param cache reference to the cache object for the distributed system
+   */
+  private static void init(final Cache cache) throws NotAuthorizedException {
+    final LogWriter systemLogWriter = cache.getLogger();
+    final String xmlDocumentUri = (String)cache.getDistributedSystem().getSecurityProperties().get(DOC_URI_PROP_NAME);
+
+    try {
+      if (xmlDocumentUri == null) {
+        throw new NotAuthorizedException("No ACL file defined using tag [" + DOC_URI_PROP_NAME + "] in system properties");
+      }
+      if (xmlDocumentUri.equals(XmlAuthorization.currentDocUri)) {
+        if (XmlAuthorization.xmlLoadFailure != null) {
+          throw XmlAuthorization.xmlLoadFailure;
+        }
+        return;
+      }
+
+      final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+      factory.setIgnoringComments(true);
+      factory.setIgnoringElementContentWhitespace(true);
+      factory.setValidating(true);
+
+      final DocumentBuilder builder = factory.newDocumentBuilder();
+      final XmlErrorHandler errorHandler = new XmlErrorHandler(systemLogWriter, xmlDocumentUri);
+      builder.setErrorHandler(errorHandler);
+      builder.setEntityResolver(new AuthzDtdResolver());
+
+      final Document xmlDocument = builder.parse(xmlDocumentUri);
+
+      XmlAuthorization.userRoles = new HashMap<String, HashSet<String>>();
+      XmlAuthorization.rolePermissions = new HashMap<String, Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>>>();
+
+      final NodeList roleUserNodes = xmlDocument.getElementsByTagName(TAG_ROLE);
+
+      for (int roleIndex = 0; roleIndex < roleUserNodes.getLength(); roleIndex++) {
+        final Node roleUserNode = roleUserNodes.item(roleIndex);
+        final String roleName = getAttributeValue(roleUserNode, ATTR_ROLENAME);
+        final NodeList userNodes = roleUserNode.getChildNodes();
+
+        for (int userIndex = 0; userIndex < userNodes.getLength(); userIndex++) {
+          final Node userNode = userNodes.item(userIndex);
+
+          if (TAG_USER.equals(userNode.getNodeName())) {
+            final String userName = getNodeValue(userNode);
+            HashSet<String> userRoleSet = XmlAuthorization.userRoles.get(userName);
+            if (userRoleSet == null) {
+              userRoleSet = new HashSet<String>();
+              XmlAuthorization.userRoles.put(userName, userRoleSet);
+            }
+            userRoleSet.add(roleName);
+
+          } else {
+            throw new SAXParseException("Unknown tag [" + userNode.getNodeName() + "] as child of tag [" + TAG_ROLE + ']', null);
+          }
+        }
+      }
+
+      final NodeList rolePermissionNodes = xmlDocument.getElementsByTagName(TAG_PERMS);
+
+      for (int permIndex = 0; permIndex < rolePermissionNodes.getLength(); permIndex++) {
+        final Node rolePermissionNode = rolePermissionNodes.item(permIndex);
+        final String roleName = getAttributeValue(rolePermissionNode, ATTR_ROLE);
+        Map<String, Map<OperationCode, FunctionSecurityPrmsHolder>> regionOperationMap = XmlAuthorization.rolePermissions.get(roleName);
+
+        if (regionOperationMap == null) {
+          regionOperationMap = new HashMap<String, Map<OperationCode, FunctionSecurityPrmsHolder>>();
+          XmlAuthorization.rolePermissions.put(roleName, regionOperationMap);
+        }
+
+        final NodeList operationNodes = rolePermissionNode.getChildNodes();
+        final HashMap<OperationCode, FunctionSecurityPrmsHolder> operationMap = new HashMap<OperationCode, FunctionSecurityPrmsHolder>();
+
+        for (int opIndex = 0; opIndex < operationNodes.getLength(); opIndex++) {
+          final Node operationNode = operationNodes.item(opIndex);
+
+          if (TAG_OP.equals(operationNode.getNodeName())) {
+            final String operationName = getNodeValue(operationNode);
+            final OperationCode code = OperationCode.valueOf(operationName);
+
+            if (code == null) {
+              throw new SAXParseException("Unknown operation [" + operationName + ']', null);
+            }
+
+            if (code != OperationCode.EXECUTE_FUNCTION) {
+              operationMap.put(code, null);
+
+            } else {
+              final String optimizeForWrite = getAttributeValue(operationNode, ATTR_FUNCTION_OPTIMIZE_FOR_WRITE);
+              final String functionAttr = getAttributeValue(operationNode, ATTR_FUNCTION_IDS);
+              final String keysAttr = getAttributeValue(operationNode, ATTR_FUNCTION_KEY_SET);
+
+              Boolean isOptimizeForWrite;
+              HashSet<String> functionIds;
+              HashSet<String> keySet;
+
+              if (optimizeForWrite == null || optimizeForWrite.length() == 0) {
+                isOptimizeForWrite = null;
+              } else {
+                isOptimizeForWrite = Boolean.parseBoolean(optimizeForWrite);
+              }
+
+              if (functionAttr == null || functionAttr.length() == 0) {
+                functionIds = null;
+              } else {
+                final String[] functionArray = functionAttr.split(",");
+                functionIds = new HashSet<String>();
+                for (int strIndex = 0; strIndex < functionArray.length; ++strIndex) {
+                  functionIds.add((functionArray[strIndex]));
+                }
+              }
+
+              if (keysAttr == null || keysAttr.length() == 0) {
+                keySet = null;
+              } else {
+                final String[] keySetArray = keysAttr.split(",");
+                keySet = new HashSet<String>();
+                for (int strIndex = 0; strIndex < keySetArray.length; ++strIndex) {
+                  keySet.add((keySetArray[strIndex]));
+                }
+              }
+
+              final FunctionSecurityPrmsHolder functionContext = new FunctionSecurityPrmsHolder(isOptimizeForWrite, functionIds, keySet);
+              operationMap.put(code, functionContext);
+            }
+
+          } else {
+            throw new SAXParseException("Unknown tag [" + operationNode.getNodeName() + "] as child of tag [" + TAG_PERMS + ']', null);
+          }
+        }
+
+        final String regionNames = getAttributeValue(rolePermissionNode, ATTR_REGIONS);
+        if (regionNames == null || regionNames.length() == 0) {
+          regionOperationMap.put(EMPTY_VALUE, operationMap);
+        } else {
+          final String[] regionNamesSplit = regionNames.split(",");
+          for (int strIndex = 0; strIndex < regionNamesSplit.length; ++strIndex) {
+            regionOperationMap.put(normalizeRegionName(regionNamesSplit[strIndex]), operationMap);
+          }
+        }
+      }
+      XmlAuthorization.currentDocUri = xmlDocumentUri;
+
+    } catch (Exception ex) {
+      String message;
+      if (ex instanceof NotAuthorizedException) {
+        message = ex.getMessage();
+      }
+      else {
+        message = ex.getClass().getName() + ": " + ex.getMessage();
+      }
+      systemLogWriter.warning("XmlAuthorization.init: " + message);
+      XmlAuthorization.xmlLoadFailure = new NotAuthorizedException(message, ex);
+      throw XmlAuthorization.xmlLoadFailure;
+    }
+  }
+
+  private static class AuthzDtdResolver implements EntityResolver {
+    final Pattern authzPattern = Pattern.compile("authz.*\\.dtd");
+
+    @Override
+    public InputSource resolveEntity(final String publicId, final String systemId) throws SAXException, IOException {
+      try {
+        final Matcher matcher = authzPattern.matcher(systemId);
+        if (matcher.find()) {
+          final String dtdName = matcher.group(0);
+          final InputStream stream = XmlAuthorization.class.getResourceAsStream(dtdName);
+          return new InputSource(stream);
+        }
+
+      } catch(Exception e) {
+        //do nothing, use the default resolver
+      }
+      
+      return null;
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/org/apache/geode/security/templates/XmlErrorHandler.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/templates/XmlErrorHandler.java b/geode-core/src/test/java/org/apache/geode/security/templates/XmlErrorHandler.java
new file mode 100755
index 0000000..c770eb7
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/templates/XmlErrorHandler.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.templates;
+
+import org.apache.logging.log4j.Logger;
+import org.xml.sax.ErrorHandler;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.internal.logging.LogService;
+
+/**
+ * Implementation of {@link ErrorHandler} interface to handle validation errors
+ * while XML parsing.
+ * 
+ * This throws back exceptions raised for {@code error} and {@code fatalError}
+ * cases while a {@link LogWriter#warning(String)} level logging is done for
+ * the {@code warning} case.
+ * 
+ * @since GemFire 5.5
+ */
+public class XmlErrorHandler implements ErrorHandler {
+
+  private static final Logger logger = LogService.getLogger();
+
+  private final LogWriter systemLogWriter;
+  private final String xmlFileName;
+
+  public XmlErrorHandler(final LogWriter systemLogWriter, final String xmlFileName) {
+    this.systemLogWriter = systemLogWriter;
+    this.xmlFileName = xmlFileName;
+  }
+
+  /**
+   * Throws back the exception with the name of the XML file and the position
+   * where the exception occurred.
+   */
+  @Override
+  public void error(final SAXParseException exception) throws SAXException {
+    throw new SAXParseException("Error while parsing XML at line " + exception.getLineNumber() + " column " + exception.getColumnNumber() + ": " + exception.getMessage(), null, exception);
+  }
+
+  /**
+   * Throws back the exception with the name of the XML file and the position
+   * where the exception occurred.
+   */
+  @Override
+  public void fatalError(final SAXParseException exception) throws SAXException {
+    throw new SAXParseException("Fatal error while parsing XML at line " + exception.getLineNumber() + " column " + exception.getColumnNumber() + ": " + exception.getMessage(), null, exception);
+  }
+
+  /**
+   * Log the exception at {@link LogWriter#warning(String)} level with XML
+   * filename and the position of exception in the file.
+   */
+  @Override
+  public void warning(final SAXParseException exception) throws SAXException {
+    this.systemLogWriter.warning("Warning while parsing XML [" + this.xmlFileName + "] at line " + exception.getLineNumber() + " column " + exception.getColumnNumber() + ": " + exception.getMessage(), exception);
+  }
+}
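Review bot: The Javadoc on `error` and `fatalError` says the rethrown exception carries the name of the XML file, but both messages contain only the line and column; `xmlFileName` is used only in `warning`. If this handler is used when loading the authorization XML (not visible in this hunk), a rejected document is then not identified in the failure that reaches the log, so I would build the message as `"Error while parsing XML [" + this.xmlFileName + "] at line " + exception.getLineNumber() + ...` and make the matching change in `fatalError`. The static `logger` field is never used in this class and can be dropped. The declaration `package com.gemstone.gemfire.security.templates;` also does not match the new `org/apache/geode/security/templates/` path, which may be handled by a later commit in this series.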

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-dummy.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-dummy.xml b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-dummy.xml
deleted file mode 100644
index de0cd17..0000000
--- a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-dummy.xml
+++ /dev/null
@@ -1,124 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
-        "com/gemstone/gemfire/security/templates/authz6_0.dtd" >
-<acl>
-
-  <role name="reader">
-    <user>reader0</user>
-    <user>reader1</user>
-    <user>reader2</user>
-    <user>root</user>
-    <user>admin</user>
-    <user>administrator</user>
-  </role>
-
-  <role name="writer">
-    <user>writer0</user>
-    <user>writer1</user>
-    <user>writer2</user>
-    <user>root</user>
-    <user>admin</user>
-    <user>administrator</user>
-  </role>
-
-  <role name="cacheOps">
-    <user>root</user>
-    <user>admin</user>
-    <user>administrator</user>
-  </role>
-
-  <role name="queryRegions">
-    <user>reader3</user>
-    <user>reader4</user>
-  </role>
-
-  <role name="registerInterest">
-    <user>reader5</user>
-    <user>reader6</user>
-  </role>
-
-  <role name="unregisterInterest">
-    <user>reader5</user>
-    <user>reader7</user>
-  </role>
-  
-  <role name="onRegionFunctionExecutor">
-    <user>reader8</user>
-  </role>
-  
-  <role name="onServerFunctionExecutor">
-    <user>reader9</user>
-  </role>
-
-  <permission role="cacheOps">
-    <operation>QUERY</operation>
-    <operation>EXECUTE_CQ</operation>
-    <operation>STOP_CQ</operation>
-    <operation>CLOSE_CQ</operation>
-    <operation>REGION_CREATE</operation>
-    <operation>REGION_DESTROY</operation>
-  </permission>
-
-  <permission role="reader">
-    <operation>GET</operation>
-    <operation>REGISTER_INTEREST</operation>
-    <operation>UNREGISTER_INTEREST</operation>
-    <operation>KEY_SET</operation>
-    <operation>CONTAINS_KEY</operation>
-    <operation>EXECUTE_FUNCTION</operation>
-  </permission>
-
-  <permission role="writer">
-    <operation>PUT</operation>
-    <operation>PUTALL</operation>
-    <operation>DESTROY</operation>
-    <operation>INVALIDATE</operation>
-    <operation>REGION_CLEAR</operation>
-  </permission>
-
-  <permission role="queryRegions" regions="//Portfolios,/Positions/,AuthRegion">
-    <operation>QUERY</operation>
-    <operation>EXECUTE_CQ</operation>
-    <operation>STOP_CQ</operation>
-    <operation>CLOSE_CQ</operation>
-  </permission>
-  
-  <permission role="onRegionFunctionExecutor" regions="secureRegion,Positions">
-    <operation>PUT</operation>
-    <operation functionIds="SecureFunction,OptimizationFunction" optimizeForWrite="false" keySet="KEY-0,KEY-1">EXECUTE_FUNCTION</operation>
-  </permission>
-  
-  <permission role="onServerFunctionExecutor" >
-    <operation>PUT</operation>
-    <operation functionIds="SecureFunction,OptimizationFunction">EXECUTE_FUNCTION</operation>
-  </permission>
-
-  <permission role="registerInterest">
-    <operation>REGISTER_INTEREST</operation>
-    <operation>GET</operation>
-  </permission>
-
-  <permission role="unregisterInterest">
-    <operation>UNREGISTER_INTEREST</operation>
-    <operation>GET</operation>
-  </permission>
-
-</acl>

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-ldap.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-ldap.xml b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-ldap.xml
deleted file mode 100644
index cdfd478..0000000
--- a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-ldap.xml
+++ /dev/null
@@ -1,83 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
-        "com/gemstone/gemfire/security/templates/authz5_5.dtd" >
-<acl>
-
-  <role name="reader">
-    <user>gemfire1</user>
-    <user>gemfire2</user>
-    <user>gemfire3</user>
-    <user>gemfire4</user>
-    <user>gemfire5</user>
-  </role>
-
-  <role name="writer">
-    <user>gemfire1</user>
-    <user>gemfire2</user>
-    <user>gemfire6</user>
-    <user>gemfire7</user>
-    <user>gemfire8</user>
-  </role>
-
-  <role name="cacheOps">
-    <user>gemfire1</user>
-    <user>gemfire2</user>
-  </role>
-
-  <role name="queryRegions">
-    <user>gemfire9</user>
-    <user>gemfire10</user>
-  </role>
-
-  <permission role="cacheOps">
-    <operation>QUERY</operation>
-    <operation>EXECUTE_CQ</operation>
-    <operation>STOP_CQ</operation>
-    <operation>CLOSE_CQ</operation>
-    <operation>REGION_CREATE</operation>
-    <operation>REGION_DESTROY</operation>
-  </permission>
-
-  <permission role="reader">
-    <operation>GET</operation>
-    <operation>REGISTER_INTEREST</operation>
-    <operation>UNREGISTER_INTEREST</operation>
-    <operation>KEY_SET</operation>
-    <operation>CONTAINS_KEY</operation>
-    <operation>EXECUTE_FUNCTION</operation>
-  </permission>
-
-  <permission role="writer">
-    <operation>PUT</operation>
-    <operation>PUTALL</operation>
-    <operation>DESTROY</operation>
-    <operation>INVALIDATE</operation>
-    <operation>REGION_CLEAR</operation>
-  </permission>
-
-  <permission role="queryRegions" regions="Portfolios,/Positions//,/AuthRegion">
-    <operation>QUERY</operation>
-    <operation>EXECUTE_CQ</operation>
-    <operation>STOP_CQ</operation>
-    <operation>CLOSE_CQ</operation>
-  </permission>
-
-</acl>

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-multiUser-dummy.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-multiUser-dummy.xml b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-multiUser-dummy.xml
deleted file mode 100644
index f64eb2e..0000000
--- a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-multiUser-dummy.xml
+++ /dev/null
@@ -1,104 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
-        "com/gemstone/gemfire/security/templates/authz6_0.dtd" >
-<acl>
-
-  <role name="reader">
-    <user>user1</user>
-    <user>user2</user>
-    <user>root</user>
-    <user>admin</user>
-    <user>administrator</user>
-  </role>
-
-  <role name="writer">
-    <user>user3</user>
-    <user>user4</user>
-    <user>root</user>
-    <user>admin</user>
-    <user>administrator</user>
-  </role>
-  
-  <role name="cacheOps">
-    <user>user1</user>
-    <user>user2</user>
-    <user>root</user>
-    <user>admin</user>
-    <user>administrator</user>
-  </role>
-
-  <role name="queryRegions">
-    <user>user5</user>
-    <user>user6</user>
-  </role>
-
-  <role name="registerInterest">
-    <user>user7</user>
-    <user>user8</user>
-  </role>
-
-  <role name="unregisterInterest">
-    <user>user5</user>
-    <user>user7</user>
-  </role>
-  
-  <permission role="cacheOps">
-    <operation>QUERY</operation>
-    <operation>EXECUTE_CQ</operation>
-    <operation>STOP_CQ</operation>
-    <operation>CLOSE_CQ</operation>
-  </permission>
-
-  <permission role="reader">
-    <operation>GET</operation>
-    <operation>REGISTER_INTEREST</operation>
-    <operation>UNREGISTER_INTEREST</operation>
-    <operation>KEY_SET</operation>
-    <operation>CONTAINS_KEY</operation>
-    <operation>EXECUTE_FUNCTION</operation>
-  </permission>
-
-  <permission role="writer">
-    <operation>PUT</operation>
-    <operation>PUTALL</operation>
-    <operation>DESTROY</operation>
-    <operation>INVALIDATE</operation>
-    <operation>REGION_CLEAR</operation>
-  </permission>
-
-  <permission role="queryRegions" regions="//Portfolios,/Positions/,AuthRegion">
-    <operation>QUERY</operation>
-    <operation>EXECUTE_CQ</operation>
-    <operation>STOP_CQ</operation>
-    <operation>CLOSE_CQ</operation>
-  </permission>
-  
-  <permission role="registerInterest">
-    <operation>REGISTER_INTEREST</operation>
-    <operation>GET</operation>
-  </permission>
-
-  <permission role="unregisterInterest">
-    <operation>UNREGISTER_INTEREST</operation>
-    <operation>GET</operation>
-  </permission>
-
-</acl>

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-multiUser-ldap.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-multiUser-ldap.xml b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-multiUser-ldap.xml
deleted file mode 100644
index 5469972..0000000
--- a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/authz-multiUser-ldap.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-  ~ Licensed to the Apache Software Foundation (ASF) under one or more
-  ~ contributor license agreements.  See the NOTICE file distributed with
-  ~ this work for additional information regarding copyright ownership.
-  ~ The ASF licenses this file to You under the Apache License, Version 2.0
-  ~ (the "License"); you may not use this file except in compliance with
-  ~ the License.  You may obtain a copy of the License at
-  ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
-
-<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
-        "com/gemstone/gemfire/security/templates/authz5_5.dtd" >
-<acl>
-
-  <role name="reader">
-    <user>gemfire1</user>
-    <user>gemfire2</user>
-    <user>gemfire3</user>
-    <user>gemfire4</user>
-    <user>gemfire5</user>
-  </role>
-
-  <role name="writer">
-    <user>gemfire1</user>
-    <user>gemfire2</user>
-    <user>gemfire6</user>
-    <user>gemfire7</user>
-    <user>gemfire8</user>
-  </role>
-
-  <role name="cacheOps">
-    <user>gemfire1</user>
-    <user>gemfire2</user>
-  </role>
-
-  <role name="queryRegions">
-    <user>gemfire9</user>
-    <user>gemfire10</user>
-  </role>
-
-  <permission role="cacheOps">
-    <operation>QUERY</operation>
-    <operation>EXECUTE_CQ</operation>
-    <operation>STOP_CQ</operation>
-    <operation>CLOSE_CQ</operation>
-  </permission>
-
-  <permission role="reader">
-    <operation>GET</operation>
-    <operation>REGISTER_INTEREST</operation>
-    <operation>UNREGISTER_INTEREST</operation>
-    <operation>KEY_SET</operation>
-    <operation>CONTAINS_KEY</operation>
-    <operation>EXECUTE_FUNCTION</operation>
-  </permission>
-
-  <permission role="writer">
-    <operation>PUT</operation>
-    <operation>PUTALL</operation>
-    <operation>DESTROY</operation>
-    <operation>INVALIDATE</operation>
-    <operation>REGION_CLEAR</operation>
-  </permission>
-
-  <permission role="queryRegions" regions="Portfolios,/Positions//,/AuthRegion">
-    <operation>QUERY</operation>
-    <operation>EXECUTE_CQ</operation>
-    <operation>STOP_CQ</operation>
-    <operation>CLOSE_CQ</operation>
-  </permission>
-
-</acl>

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire1.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire1.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire1.keystore
deleted file mode 100644
index 15270bb..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire1.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire10.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire10.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire10.keystore
deleted file mode 100644
index bb6f827..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire10.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire11.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire11.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire11.keystore
deleted file mode 100644
index 6839c74..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire11.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire2.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire2.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire2.keystore
deleted file mode 100644
index fcb7ab8..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire2.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire3.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire3.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire3.keystore
deleted file mode 100644
index 19afc4b..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire3.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire4.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire4.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire4.keystore
deleted file mode 100644
index c65916a..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire4.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire5.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire5.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire5.keystore
deleted file mode 100644
index d738cca..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire5.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire6.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire6.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire6.keystore
deleted file mode 100644
index 1fea2d3..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire6.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire7.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire7.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire7.keystore
deleted file mode 100644
index 7a3187c..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire7.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire8.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire8.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire8.keystore
deleted file mode 100644
index a3bb886..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire8.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire9.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire9.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire9.keystore
deleted file mode 100644
index 674b4e6..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/gemfire9.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire1.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire1.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire1.keystore
deleted file mode 100644
index 4f9120c..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire1.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire10.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire10.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire10.keystore
deleted file mode 100644
index 0bd97d77..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire10.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire11.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire11.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire11.keystore
deleted file mode 100644
index 62ae3c7..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire11.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire2.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire2.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire2.keystore
deleted file mode 100644
index c65bc81..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire2.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire3.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire3.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire3.keystore
deleted file mode 100644
index b0796e0..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire3.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire4.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire4.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire4.keystore
deleted file mode 100644
index 9c94018..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire4.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire5.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire5.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire5.keystore
deleted file mode 100644
index 33f6937..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire5.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire6.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire6.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire6.keystore
deleted file mode 100644
index 568f674..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire6.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire7.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire7.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire7.keystore
deleted file mode 100644
index 80e2d80..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire7.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire8.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire8.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire8.keystore
deleted file mode 100644
index a15def5..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire8.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire9.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire9.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire9.keystore
deleted file mode 100644
index 72087f3..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/gemfire9.keystore and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/publickeyfile
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/publickeyfile b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/publickeyfile
deleted file mode 100644
index 1b13872..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/ibm/publickeyfile and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/publickeyfile
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/publickeyfile b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/publickeyfile
deleted file mode 100644
index 9c2daa3..0000000
Binary files a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/keys/publickeyfile and /dev/null differ

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json b/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json
deleted file mode 100644
index 9bd8936..0000000
--- a/geode-core/src/test/resources/com/gemstone/gemfire/security/peerAuth.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
-  "users": [
-    {
-      "name": "locator1",
-      "password": "1234567",
-      "roles": [
-      ]
-    },
-    {
-      "name": "server1",
-      "password": "1234567",
-      "roles": [
-      ]
-    },
-    {
-      "name": "server2",
-      "password": "1234567",
-      "roles": [
-      ]
-    }
-  ]
-
-}
-
-
-
-
-
-
-
-
-
-
-
-
-

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz5_5.dtd
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz5_5.dtd b/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz5_5.dtd
deleted file mode 100644
index 7080c0e..0000000
--- a/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz5_5.dtd
+++ /dev/null
@@ -1,105 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements.  See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License.  You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!--
-
-This is the XML DTD for the GemFire sample XML based authorization callback
-in com.gemstone.gemfire.security.templates.XmlAuthorization.
-
-All XMLs must include a DOCTYPE of the following form:
-
-  <!DOCTYPE acl PUBLIC
-    "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
-    "http://www.gemstone.com/dtd/authz5_5.dtd">
-
-The contents of a declarative XML file correspond to APIs found in the
-
-                      com.gemstone.gemfire.security.AccessControl
-
-package. The sample implementation may be used to specify access control
-policies.
-
--->
-
-<!--
-
-The following conventions apply to all GemFire sample authorization
-XML file elements unless indicated otherwise.
-
-- In elements that contain PCDATA, leading and trailing whitespace in
-  the data may be ignored.
-
-- In elements whose value is an "enumerated type", the value is case
-  sensitive.
-
--->
-
-
-<!--
-The "acl" element is the root element of the authorization file.
-This element contains the role to user mappings and role to permissions
-mapping on a per region per operation basis.
--->
-
-<!ELEMENT acl (role+,permission+)>
-
-<!--
-The "role" element contains the set of users that have the permissions of
-given role. A user can be present in more than one "role" elements in
-which case the union of the permissions to all those roles determines
-the full set of permissions to be given to the user.
--->
-
-<!ELEMENT role (user*)>
-<!ATTLIST role
-  name CDATA #REQUIRED
->
-
-<!--
-The "user" element is contained within the "role" element and contains
-the name of a user having the permissions of that role.
--->
-
-<!ELEMENT user (#PCDATA)>
-
-<!--
-The "permission" element specifies the list of operations that are allowed
-for a particular role in the given regions as provided in the optional
-"regions" attribute. The value of "regions" attribute should be a comma
-separated list of region names for which permissions are to be provided.
-If no "regions" attribute is provided then those permissions are provided
-for all the other regions (i.e. other than those that have been explicitly
-specified). Permissions for cache level operations REGION_DESTROY,
-REGION_CREATE, QUERY and CQ operations should be specified with no "regions"
-attribute. If cache-level permission is not provided for QUERY or CQ operations
-then the permission for all the region names in the query string is checked.
--->
-
-<!ELEMENT permission (operation*)>
-<!ATTLIST permission
-  role CDATA #REQUIRED
-  regions CDATA #IMPLIED
->
-
-
-<!--
-The operation should be one of the following strings:
- GET, PUT, PUTALL, DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST,
- CONTAINS_KEY, KEY_SET, QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR,
- REGION_CREATE, REGION_DESTROY
--->
-<!ELEMENT operation (#PCDATA)>

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz6_0.dtd
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz6_0.dtd b/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz6_0.dtd
deleted file mode 100755
index a77563a..0000000
--- a/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz6_0.dtd
+++ /dev/null
@@ -1,110 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements.  See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License.  You may obtain a copy of the License at
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!--
-
-This is the XML DTD for the GemFire sample XML based authorization callback
-in com.gemstone.gemfire.security.templates.XmlAuthorization.
-
-All XMLs must include a DOCTYPE of the following form:
-
-  <!DOCTYPE acl PUBLIC
-    "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
-    "http://www.gemstone.com/dtd/authz5_5.dtd">
-
-The contents of a declarative XML file correspond to APIs found in the
-
-                      com.gemstone.gemfire.security.AccessControl
-
-package. The sample implementation may be used to specify access control
-policies.
-
--->
-
-<!--
-
-The following conventions apply to all GemFire sample authorization
-XML file elements unless indicated otherwise.
-
-- In elements that contain PCDATA, leading and trailing whitespace in
-  the data may be ignored.
-
-- In elements whose value is an "enumerated type", the value is case
-  sensitive.
-
--->
-
-
-<!--
-The "acl" element is the root element of the authorization file.
-This element contains the role to user mappings and role to permissions
-mapping on a per region per operation basis.
--->
-
-<!ELEMENT acl (role+,permission+)>
-
-<!--
-The "role" element contains the set of users that have the permissions of
-given role. A user can be present in more than one "role" elements in
-which case the union of the permissions to all those roles determines
-the full set of permissions to be given to the user.
--->
-
-<!ELEMENT role (user*)>
-<!ATTLIST role
-  name CDATA #REQUIRED
->
-
-<!--
-The "user" element is contained within the "role" element and contains
-the name of a user having the permissions of that role.
--->
-
-<!ELEMENT user (#PCDATA)>
-
-<!--
-The "permission" element specifies the list of operations that are allowed
-for a particular role in the given regions as provided in the optional
-"regions" attribute. The value of "regions" attribute should be a comma
-separated list of region names for which permissions are to be provided.
-If no "regions" attribute is provided then those permissions are provided
-for all the other regions (i.e. other than those that have been explicitly
-specified). Permissions for cache level operations REGION_DESTROY,
-REGION_CREATE, QUERY and CQ operations should be specified with no "regions"
-attribute. If cache-level permission is not provided for QUERY or CQ operations
-then the permission for all the region names in the query string is checked.
--->
-
-<!ELEMENT permission (operation*)>
-<!ATTLIST permission
-  role CDATA #REQUIRED
-  regions CDATA #IMPLIED
->
-
-
-<!--
-The operation should be one of the following strings:
- GET, PUT, PUTALL, DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST,
- CONTAINS_KEY, KEY_SET, QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR,
- REGION_CREATE, REGION_DESTROY
--->
-<!ELEMENT operation (#PCDATA)>
-<!ATTLIST operation
-  functionIds CDATA #IMPLIED
-  optimizeForWrite CDATA #IMPLIED
-  keySet CDATA #IMPLIED
->


[14/15] incubator-geode git commit: GEODE-37 Renamed security related stuff

Posted by hi...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java
deleted file mode 100644
index 24fcc3f..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-/**
- * this class contains test methods that used to be in its superclass but
- * that test started taking too long and caused dunit runs to hang
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public class ClientAuthenticationPart2DUnitTest extends ClientAuthenticationTestCase {
-
-  @Test
-  public void testNoCredentialsForMultipleUsers() throws Exception {
-    doTestNoCredentials(true);
-  }
-
-  @Test
-  public void testInvalidCredentialsForMultipleUsers() throws Exception {
-    doTestInvalidCredentials(true);
-  }
-
-  @Test
-  public void testInvalidAuthInitForMultipleUsers() throws Exception {
-    doTestInvalidAuthInit(true);
-  }
-
-  @Test
-  public void testNoAuthInitWithCredentialsForMultipleUsers() throws Exception {
-    doTestNoAuthInitWithCredentials(true);
-  }
-
-  @Test
-  public void testInvalidAuthenitcatorForMultipleUsers() throws Exception {
-    doTestInvalidAuthenticator(true);
-  }
-
-  @Test
-  public void testNoAuthenticatorWithCredentialsForMultipleUsers() throws Exception {
-    doTestNoAuthenticatorWithCredentials(true);
-  }
-
-  @Ignore("Disabled for unknown reason")
-  @Test
-  public void testCredentialsWithFailoverForMultipleUsers() throws Exception {
-    doTestCredentialsWithFailover(true);
-  }
-
-  @Ignore("Disabled for unknown reason")
-  @Test
-  public void testCredentialsForNotificationsForMultipleUsers() throws Exception {
-    doTestCredentialsForNotifications(true);
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
deleted file mode 100644
index 7e6d022..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
+++ /dev/null
@@ -1,562 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.internal.AvailablePort.*;
-import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.createCacheClient;
-import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.createCacheServer;
-import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.*;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.security.SecurityTestUtils.createCacheClient;
-import static com.gemstone.gemfire.test.dunit.IgnoredException.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-import static com.gemstone.gemfire.test.dunit.Wait.*;
-
-import java.io.IOException;
-import java.util.Properties;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLHandshakeException;
-
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
-import com.gemstone.gemfire.test.dunit.Host;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
-
-public abstract class ClientAuthenticationTestCase extends JUnit4DistributedTestCase {
-
-  private VM server1 = null;
-  private VM server2 = null;
-  private VM client1 = null;
-  private VM client2 = null;
-
-  private static final String[] serverIgnoredExceptions = {
-      AuthenticationRequiredException.class.getName(),
-      AuthenticationFailedException.class.getName(),
-      GemFireSecurityException.class.getName(),
-      ClassNotFoundException.class.getName(),
-      IOException.class.getName(),
-      SSLException.class.getName(),
-      SSLHandshakeException.class.getName()
-  };
-
-  private static final String[] clientIgnoredExceptions = {
-      AuthenticationRequiredException.class.getName(),
-      AuthenticationFailedException.class.getName(),
-      SSLHandshakeException.class.getName()
-  };
-
-  @Override
-  public final void postSetUp() throws Exception {
-    final Host host = Host.getHost(0);
-    server1 = host.getVM(0);
-    server2 = host.getVM(1);
-    client1 = host.getVM(2);
-    client2 = host.getVM(3);
-
-    addIgnoredException("Connection refused: connect");
-
-    server1.invoke(() -> registerExpectedExceptions(serverIgnoredExceptions));
-    server2.invoke(() -> registerExpectedExceptions(serverIgnoredExceptions));
-    client1.invoke(() -> registerExpectedExceptions(clientIgnoredExceptions));
-    client2.invoke(() -> registerExpectedExceptions(clientIgnoredExceptions));
-  }
-
-  protected void doTestValidCredentials(final boolean multiUser) throws Exception {
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    Properties extraProps = gen.getSystemProperties();
-    Properties javaProps = gen.getJavaProperties();
-    String authenticator = gen.getAuthenticator();
-    String authInit = gen.getAuthInit();
-
-    getLogWriter().info("testValidCredentials: Using scheme: " + gen.classCode());
-    getLogWriter().info("testValidCredentials: Using authenticator: " + authenticator);
-    getLogWriter().info("testValidCredentials: Using authinit: " + authInit);
-
-    // Start the servers
-    int locPort1 = getLocatorPort();
-    int locPort2 = getLocatorPort();
-    String locString = getAndClearLocatorString();
-
-    int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
-    int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
-
-    // Start the clients with valid credentials
-    Properties credentials1 = gen.getValidCredentials(1);
-    Properties javaProps1 = gen.getJavaProperties();
-
-    getLogWriter().info("testValidCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
-
-    Properties credentials2 = gen.getValidCredentials(2);
-    Properties javaProps2 = gen.getJavaProperties();
-
-    getLogWriter().info("testValidCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
-
-    createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2);
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doPuts(2));
-
-    // Verify that the puts succeeded
-    client2.invoke(() -> doGets(2));
-
-    if (multiUser) {
-      client1.invoke(() -> doProxyCacheClose());
-      client2.invoke(() -> doProxyCacheClose());
-      client1.invoke(() -> doSimplePut("CacheClosedException"));
-      client2.invoke(() -> doSimpleGet("CacheClosedException"));
-    }
-  }
-
-  protected void doTestNoCredentials(final boolean multiUser) throws Exception {
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    Properties extraProps = gen.getSystemProperties();
-    Properties javaProps = gen.getJavaProperties();
-    String authenticator = gen.getAuthenticator();
-    String authInit = gen.getAuthInit();
-
-    getLogWriter().info("testNoCredentials: Using scheme: " + gen.classCode());
-    getLogWriter().info("testNoCredentials: Using authenticator: " + authenticator);
-    getLogWriter().info("testNoCredentials: Using authinit: " + authInit);
-
-    // Start the servers
-    int locPort1 = getLocatorPort();
-    int locPort2 = getLocatorPort();
-    String locString = getAndClearLocatorString();
-
-    int port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString);
-    int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
-
-    // Start first client with valid credentials
-    Properties credentials1 = gen.getValidCredentials(1);
-    Properties javaProps1 = gen.getJavaProperties();
-
-    getLogWriter().info("testNoCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
-
-    createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doPuts(2));
-
-    // Trying to create the region on client2
-    if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
-      // For SSL the exception may not come since the server can close socket
-      // before handshake message is sent from client. However exception
-      // should come in any region operations.
-      client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, NO_EXCEPTION));
-      client2.invoke(() -> doPuts(2, OTHER_EXCEPTION));
-
-    } else {
-      client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
-    }
-  }
-
-  protected void doTestInvalidCredentials(final boolean multiUser) throws Exception {
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    Properties extraProps = gen.getSystemProperties();
-    Properties javaProps = gen.getJavaProperties();
-    String authenticator = gen.getAuthenticator();
-    String authInit = gen.getAuthInit();
-
-    getLogWriter().info("testInvalidCredentials: Using scheme: " + gen.classCode());
-    getLogWriter().info("testInvalidCredentials: Using authenticator: " + authenticator);
-    getLogWriter().info("testInvalidCredentials: Using authinit: " + authInit);
-
-    // Start the servers
-    int locPort1 = getLocatorPort();
-    int locPort2 = getLocatorPort();
-    String locString = getAndClearLocatorString();
-
-    int port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString);
-    int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
-
-    // Start first client with valid credentials
-    Properties credentials1 = gen.getValidCredentials(1);
-    Properties javaProps1 = gen.getJavaProperties();
-    getLogWriter().info("testInvalidCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
-
-    createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doPuts(2));
-
-    // Start second client with invalid credentials
-    // Trying to create the region on client2 should throw a security
-    // exception
-    Properties credentials2 = gen.getInvalidCredentials(1);
-    Properties javaProps2 = gen.getJavaProperties();
-    getLogWriter().info("testInvalidCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
-
-    client2.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, 0, multiUser, AUTHFAIL_EXCEPTION));
-  }
-
-  protected void doTestInvalidAuthInit(final boolean multiUser) throws Exception {
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    Properties extraProps = gen.getSystemProperties();
-    final Properties javaProps = gen.getJavaProperties();
-    String authenticator = gen.getAuthenticator();
-
-    getLogWriter().info("testInvalidAuthInit: Using scheme: " + gen.classCode());
-    getLogWriter().info("testInvalidAuthInit: Using authenticator: " + authenticator);
-
-    // Start the server
-    int locPort1 = getLocatorPort();
-    String locString = getAndClearLocatorString();
-
-    int port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString);
-    Properties credentials = gen.getValidCredentials(1);
-    getLogWriter().info("testInvalidAuthInit: For first client credentials: " + credentials + " : " + javaProps);
-
-    client1.invoke(() -> createCacheClient("com.gemstone.none", credentials, javaProps, new int[] { port1 }, 0, false, multiUser, true, SECURITY_EXCEPTION));
-  }
-
-  protected void doTestNoAuthInitWithCredentials(final boolean multiUser) throws Exception {
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    Properties extraProps = gen.getSystemProperties();
-    Properties javaProps = gen.getJavaProperties();
-    String authenticator = gen.getAuthenticator();
-
-    getLogWriter().info("testNoAuthInitWithCredentials: Using scheme: " + gen.classCode());
-    getLogWriter().info("testNoAuthInitWithCredentials: Using authenticator: " + authenticator);
-
-    // Start the servers
-    int locPort1 = getLocatorPort();
-    int locPort2 = getLocatorPort();
-    String locString = getAndClearLocatorString();
-
-    int port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString);
-    int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, authenticator, extraProps, javaProps));
-
-    // Start the clients with valid credentials
-    Properties credentials1 = gen.getValidCredentials(1);
-    Properties javaProps1 = gen.getJavaProperties();
-    getLogWriter().info("testNoAuthInitWithCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
-
-    Properties credentials2 = gen.getValidCredentials(2);
-    Properties javaProps2 = gen.getJavaProperties();
-    getLogWriter().info("testNoAuthInitWithCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
-
-    client1.invoke(() -> createCacheClient(null, credentials1, javaProps1, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
-    client2.invoke(() -> createCacheClient(null, credentials2, javaProps2, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
-    client2.invoke(() -> closeCache());
-
-    // Now also try with invalid credentials
-    Properties credentials3 = gen.getInvalidCredentials(5);
-    Properties javaProps3 = gen.getJavaProperties();
-
-    client2.invoke(() -> createCacheClient(null, credentials3, javaProps3, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
-  }
-
-  /**
-   * NOTE: "final boolean multiUser" is unused
-   */
-  protected void doTestInvalidAuthenticator(final boolean multiUser) throws Exception {
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    Properties extraProps = gen.getSystemProperties();
-    Properties javaProps = gen.getJavaProperties();
-    String authInit = gen.getAuthInit();
-
-    getLogWriter().info("testInvalidAuthenticator: Using scheme: " + gen.classCode());
-    getLogWriter().info("testInvalidAuthenticator: Using authinit: " + authInit);
-
-    // Start the server with invalid authenticator
-    int locPort1 = getLocatorPort();
-    String locString = getAndClearLocatorString();
-
-    server1.invoke(() -> createCacheServer(locPort1, locString, "com.gemstone.gemfire.none", extraProps, javaProps, AUTHREQ_EXCEPTION));
-  }
-
-  protected void doTestNoAuthenticatorWithCredentials(final boolean multiUser) throws Exception {
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    Properties extraProps = gen.getSystemProperties();
-    Properties javaProps = gen.getJavaProperties();
-    String authenticator = gen.getAuthenticator();
-    String authInit = gen.getAuthInit();
-
-    getLogWriter().info("testNoAuthenticatorWithCredentials: Using scheme: " + gen.classCode());
-    getLogWriter().info("testNoAuthenticatorWithCredentials: Using authinit: " + authInit);
-
-    // Start the servers with no authenticator
-    int locPort1 = getLocatorPort();
-    int locPort2 = getLocatorPort();
-    String locString = getAndClearLocatorString();
-
-    int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, null, extraProps, javaProps));
-    int port2 = server2.invoke(() -> createCacheServer(locPort2, locString, null, extraProps, javaProps));
-
-    // Clients should connect successfully and work properly with
-    // valid/invalid credentials when none are required on the server side
-    Properties credentials1 = gen.getValidCredentials(3);
-    Properties javaProps1 = gen.getJavaProperties();
-    getLogWriter().info("testNoAuthenticatorWithCredentials: For first client credentials: " + credentials1 + " : " + javaProps1);
-
-    Properties credentials2 = gen.getInvalidCredentials(5);
-    Properties javaProps2 = gen.getJavaProperties();
-    getLogWriter().info("testNoAuthenticatorWithCredentials: For second client credentials: " + credentials2 + " : " + javaProps2);
-
-    createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2);
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doPuts(2));
-
-    // Verify that the puts succeeded
-    client2.invoke(() -> doGets(2));
-  }
-
-  protected void doTestCredentialsWithFailover(final boolean multiUser) throws Exception {
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    Properties extraProps = gen.getSystemProperties();
-    Properties javaProps = gen.getJavaProperties();
-    String authenticator = gen.getAuthenticator();
-    String authInit = gen.getAuthInit();
-
-    getLogWriter().info("testCredentialsWithFailover: Using scheme: " + gen.classCode());
-    getLogWriter().info("testCredentialsWithFailover: Using authenticator: " + authenticator);
-    getLogWriter().info("testCredentialsWithFailover: Using authinit: " + authInit);
-
-    // Start the first server
-    int locPort1 = getLocatorPort();
-    int locPort2 = getLocatorPort();
-    String locString = getAndClearLocatorString();
-
-    int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
-
-    // Get a port for second server but do not start it
-    // This forces the clients to connect to the first server
-    int port2 = getRandomAvailablePort(SOCKET);
-
-    // Start the clients with valid credentials
-    Properties credentials1 = gen.getValidCredentials(5);
-    Properties javaProps1 = gen.getJavaProperties();
-    getLogWriter().info("testCredentialsWithFailover: For first client credentials: " + credentials1 + " : " + javaProps1);
-
-    Properties credentials2 = gen.getValidCredentials(6);
-    Properties javaProps2 = gen.getJavaProperties();
-    getLogWriter().info("testCredentialsWithFailover: For second client credentials: " + credentials2 + " : " + javaProps2);
-
-    createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2);
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doPuts(2));
-    // Verify that the puts succeeded
-    client2.invoke(() -> doGets(2));
-
-    // start the second one and stop the first server to force a failover
-    server2.invoke(() -> createCacheServer(locPort2, locString, port2, authenticator, extraProps, javaProps));
-    server1.invoke(() -> closeCache());
-
-    // Perform some create/update operations from client1
-    client1.invoke(() -> doNPuts(4));
-    // Verify that the creates/updates succeeded
-    client2.invoke(() -> doNGets(4));
-
-    // Try to connect client2 with no credentials
-    // Verify that the creation of region throws security exception
-    if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
-      // For SSL the exception may not come since the server can close socket
-      // before handshake message is sent from client. However exception
-      // should come in any region operations.
-      client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, NOFORCE_AUTHREQ_EXCEPTION));
-      client2.invoke(() -> doPuts(2, OTHER_EXCEPTION));
-
-    } else {
-      client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
-    }
-
-    // Now try to connect client1 with invalid credentials
-    // Verify that the creation of region throws security exception
-    Properties credentials3 = gen.getInvalidCredentials(7);
-    Properties javaProps3 = gen.getJavaProperties();
-    getLogWriter().info("testCredentialsWithFailover: For first client invalid credentials: " + credentials3 + " : " + javaProps3);
-
-    client1.invoke(() -> createCacheClient(authInit, credentials3, javaProps3, port1, port2, 0, multiUser, AUTHFAIL_EXCEPTION));
-
-    if (multiUser) {
-      client1.invoke(() -> doProxyCacheClose());
-      client2.invoke(() -> doProxyCacheClose());
-      client1.invoke(() -> doSimplePut("CacheClosedException"));
-      client2.invoke(() -> doSimpleGet("CacheClosedException"));
-    }
-  }
-
-  protected void doTestCredentialsForNotifications(final boolean multiUser) throws Exception {
-    CredentialGenerator gen = new DummyCredentialGenerator();
-    Properties extraProps = gen.getSystemProperties();
-    Properties javaProps = gen.getJavaProperties();
-    String authenticator = gen.getAuthenticator();
-    String authInit = gen.getAuthInit();
-
-    getLogWriter().info("testCredentialsForNotifications: Using scheme: " + gen.classCode());
-    getLogWriter().info("testCredentialsForNotifications: Using authenticator: " + authenticator);
-    getLogWriter().info("testCredentialsForNotifications: Using authinit: " + authInit);
-
-    // Start the first server
-    int locPort1 = getLocatorPort();
-    int locPort2 = getLocatorPort();
-    String locString = getAndClearLocatorString();
-
-    int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
-
-    // Get a port for second server but do not start it
-    // This forces the clients to connect to the first server
-    int port2 = getRandomAvailablePort(SOCKET);
-
-    // Start the clients with valid credentials
-    Properties credentials1 = gen.getValidCredentials(3);
-    Properties javaProps1 = gen.getJavaProperties();
-    getLogWriter().info("testCredentialsForNotifications: For first client credentials: " + credentials1 + " : " + javaProps1);
-
-    Properties credentials2 = gen.getValidCredentials(4);
-    Properties javaProps2 = gen.getJavaProperties();
-    getLogWriter().info("testCredentialsForNotifications: For second client credentials: " + credentials2 + " : " + javaProps2);
-
-    createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
-
-    // Set up zero forward connections to check notification handshake only
-    int zeroConns = 0;
-    createClient2NoException(multiUser, authInit, port1, port2, credentials2, javaProps2, zeroConns);
-
-    // Register interest on all keys on second client
-    client2.invoke(() -> registerAllInterest());
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doPuts(2));
-
-    // Verify that the puts succeeded
-    client2.invoke(() -> doLocalGets(2));
-
-    // start the second one and stop the first server to force a failover
-    server2.invoke(() -> createCacheServer(locPort2, locString, port2, authenticator, extraProps, javaProps));
-    server1.invoke(() -> closeCache());
-
-    // Wait for failover to complete
-    pause(500);
-
-    // Perform some create/update operations from client1
-    client1.invoke(() -> doNPuts(4));
-    // Verify that the creates/updates succeeded
-    client2.invoke(() -> doNLocalGets(4));
-
-    // Try to connect client1 with no credentials
-    // Verify that the creation of region throws security exception
-    final int p = server1.invoke(() -> createCacheServer(locPort1, locString, 0, authenticator, extraProps, javaProps));
-    if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
-      // For SSL the exception may not come since the server can close socket
-      // before handshake message is sent from client. However exception
-      // should come in any region operations.
-      client1.invoke(() -> createCacheClient(null, null, null, p, port2, zeroConns, multiUser, NOFORCE_AUTHREQ_EXCEPTION));
-      client1.invoke(() -> doPuts(2, OTHER_EXCEPTION));
-
-    } else {
-      client1.invoke(() -> createCacheClient(null, null, null, p, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION));
-    }
-
-    // Now try to connect client2 with invalid credentials
-    // Verify that the creation of region throws security exception
-    credentials2 = gen.getInvalidCredentials(3);
-    javaProps2 = gen.getJavaProperties();
-    getLogWriter().info("testCredentialsForNotifications: For second client invalid credentials: " + credentials2 + " : " + javaProps2);
-
-    createClient2WithException(multiUser, authInit, p, port2, credentials2, javaProps2, zeroConns);
-
-    // Now try to connect client2 with invalid auth-init method
-    // Trying to create the region on client with valid credentials should
-    // throw a security exception
-    client2.invoke(() -> createCacheClient("com.gemstone.none", credentials1, javaProps1, p, port2, zeroConns, multiUser, SECURITY_EXCEPTION));
-
-    // Try connection with null auth-init on clients.
-    // Skip this test for a scheme which does not have an authInit in the
-    // first place (e.g. SSL).
-    if (authInit != null && authInit.length() > 0) {
-      final int p1 = server1.invoke(() -> createCacheServer(locPort1, locString, 0, authenticator, extraProps, javaProps));
-      final int p2 = server2.invoke(() -> createCacheServer(locPort2, locString, 0, authenticator, extraProps, javaProps));
-      client1.invoke(() -> createCacheClient(null, credentials1, javaProps1, p1, p2, 0, multiUser, AUTHREQ_EXCEPTION));
-
-      createClient2AuthReqException(multiUser, p1, p2, credentials2, javaProps2, zeroConns);
-      createClient2AuthReqException(multiUser, p1, p2, credentials2, javaProps2, zeroConns);
-
-    } else {
-      getLogWriter().info("testCredentialsForNotifications: Skipping null authInit for scheme [" + gen.classCode() + "] which has no authInit");
-    }
-
-    // Try connection with null authenticator on server and sending
-    // valid/invalid credentials.
-    // If the scheme does not have an authenticator in the first place (e.g.
-    // SSL) then skip it since this test is useless.
-    if (authenticator != null && authenticator.length() > 0) {
-      final int p1 = server1.invoke(() -> createCacheServer(locPort1, locString, 0, null, extraProps, javaProps));
-      final int p2 = server2.invoke(() -> createCacheServer(locPort2, locString, 0, null, extraProps, javaProps));
-
-      createClient1NoException(multiUser, authInit, p1, p2, credentials1, javaProps1);
-      createClient2NoException(multiUser, authInit, p1, p2, credentials2, javaProps2, zeroConns);
-
-      // Register interest on all keys on second client
-      client2.invoke(() -> registerAllInterest());
-
-      // Perform some put operations from client1
-      client1.invoke(() -> doPuts(4));
-
-      // Verify that the puts succeeded
-      client2.invoke(() -> doLocalGets(4));
-
-      // Now also try with valid credentials on client2
-      createClient1NoException(multiUser, authInit, p1, p2, credentials2, javaProps2);
-      createClient2NoException(multiUser, authInit, p1, p2, credentials1, javaProps1, zeroConns);
-
-      // Register interest on all keys on second client
-      client2.invoke(() -> registerAllInterest());
-
-      // Perform some put operations from client1
-      client1.invoke(() -> doNPuts(4));
-
-      // Verify that the puts succeeded
-      client2.invoke(() -> doNLocalGets(4));
-
-    } else {
-      getLogWriter().info("testCredentialsForNotifications: Skipping scheme [" + gen.classCode() + "] which has no authenticator");
-    }
-  }
-
-  private int createServer1(final Properties extraProps, final Properties javaProps, final String authenticator, final int locPort1, final String locString) {
-    return server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
-  }
-
-  private void createClient1NoException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials2, final Properties javaProps2) {
-    client1.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, 0, multiUser, NO_EXCEPTION));
-  }
-
-  private void createClient2AuthReqException(final boolean multiUser, final int port1, final int port2, final Properties credentials2, final Properties javaProps2, final int zeroConns) {
-    client2.invoke(() -> createCacheClient(null, credentials2, javaProps2, port1, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION));
-  }
-
-  private void createClient1WithException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials2, final Properties javaProps2, final int zeroConns) {
-    client1.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, zeroConns, multiUser, AUTHFAIL_EXCEPTION));
-  }
-
-  private void createClient2WithException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials2, final Properties javaProps2, final int zeroConns) {
-    client2.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, zeroConns, multiUser, AUTHFAIL_EXCEPTION));
-  }
-
-  private void createClient2NoException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials2, final Properties javaProps2, final int zeroConns) {
-    client2.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, zeroConns, multiUser, NO_EXCEPTION));
-  }
-
-  private void createClientsNoException(final boolean multiUser, final String authInit, final int port1, final int port2, final Properties credentials1, final Properties javaProps1, final Properties credentials2, final Properties javaProps2) {
-    createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
-    client2.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, port2, 0, multiUser, NO_EXCEPTION));
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java
deleted file mode 100644
index 3073705..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static org.junit.Assert.*;
-
-import java.util.Properties;
-
-import com.gemstone.gemfire.cache.Region;
-
-/**
- * Extracted from ClientAuthenticationDUnitTest
- */
-public abstract class ClientAuthenticationTestUtils {
-
-  protected ClientAuthenticationTestUtils() {
-  }
-
-  protected static Integer createCacheServer(final int locatorPort, final String locatorString, final String authenticator, final Properties extraProps, final Properties javaProps) {
-    return createCacheServer(locatorPort, locatorString, 0, authenticator, extraProps, javaProps, NO_EXCEPTION);
-  }
-
-  protected static Integer createCacheServer(final int locatorPort, final String locatorString, final int serverPort, final String authenticator, final Properties extraProps, final Properties javaProps) {
-    return createCacheServer(locatorPort, locatorString, serverPort, authenticator, extraProps, javaProps, NO_EXCEPTION);
-  }
-  protected static Integer createCacheServer(final int locatorPort, final String locatorString, final String authenticator, final Properties extraProps, final Properties javaProps, final int expectedResult) {
-
-    return createCacheServer(locatorPort, locatorString, 0, authenticator, extraProps, javaProps, expectedResult);
-  }
-
-  protected static Integer createCacheServer(final int locatorPort, final String locatorString, final int serverPort, final String authenticator, final Properties extraProps, final Properties javaProps, int expectedResult) {
-    Properties authProps;
-    if (extraProps == null) {
-      authProps = new Properties();
-    } else {
-      authProps = extraProps;
-    }
-
-    if (authenticator != null) {
-      authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR, authenticator);
-    }
-    return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, locatorString, serverPort, expectedResult);
-  }
-
-  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean multiUserMode, final boolean subscriptionEnabled, final int expectedResult) {
-    SecurityTestUtils.createCacheClient(authInit, authProps, javaProps, ports, numConnections, false, multiUserMode, subscriptionEnabled, expectedResult);
-  }
-
-  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean multiUserMode, final int expectedResult) {
-    createCacheClient(authInit, authProps, javaProps, ports, numConnections, multiUserMode, true, expectedResult);
-  }
-
-  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int port1, final int numConnections, final int expectedResult) {
-    createCacheClient(authInit, authProps, javaProps, new int[] { port1 }, numConnections, false, true, expectedResult);
-  }
-
-  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int port1, final int port2, final int numConnections, final int expectedResult) {
-    createCacheClient(authInit, authProps, javaProps, port1, port2, numConnections, false, expectedResult);
-  }
-
-  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int port1, final int port2, final int numConnections, final boolean multiUserMode, final int expectedResult) {
-    createCacheClient(authInit, authProps, javaProps, port1, port2, numConnections, multiUserMode, true, expectedResult);
-  }
-
-  protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int port1, final int port2, final int numConnections, final boolean multiUserMode, final boolean subscriptionEnabled, final int expectedResult) {
-    createCacheClient(authInit, authProps, javaProps, new int[] { port1, port2 }, numConnections, multiUserMode, subscriptionEnabled, expectedResult);
-  }
-
-  protected static void registerAllInterest() {
-    Region region = getCache().getRegion(REGION_NAME);
-    assertNotNull(region);
-    region.registerInterestRegex(".*");
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
deleted file mode 100644
index 79feae9..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
+++ /dev/null
@@ -1,647 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.internal.AvailablePort.*;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.IgnoredException.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Properties;
-
-import com.gemstone.gemfire.internal.AvailablePortHelper;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
-import com.gemstone.gemfire.security.generator.XmlAuthzCredentialGenerator;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-/**
- * Tests for authorization from client to server. This tests for authorization
- * of all operations with both valid and invalid credentials/modules with
- * pre-operation callbacks. It also checks for authorization in case of
- * failover.
- *
- * @since GemFire 5.5
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public class ClientAuthorizationDUnitTest extends ClientAuthorizationTestCase {
-
-  @Override
-  public final void preTearDownClientAuthorizationTestBase() throws Exception {
-    closeCache();
-  }
-
-  @Test
-  public void testAllowPutsGets() {
-    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
-    CredentialGenerator cGen = gen.getCredentialGenerator();
-    Properties extraAuthProps = cGen.getSystemProperties();
-    Properties javaProps = cGen.getJavaProperties();
-    Properties extraAuthzProps = gen.getSystemProperties();
-    String authenticator = cGen.getAuthenticator();
-    String authInit = cGen.getAuthInit();
-    String accessor = gen.getAuthorizationCallback();
-
-    getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit);
-    getLogWriter().info("testAllowPutsGets: Using authenticator: " + authenticator);
-    getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor);
-
-    // Start servers with all required properties
-    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
-    int port1 = createServer1(javaProps, serverProps);
-    int port2 = createServer2(javaProps, serverProps);
-
-    // Start client1 with valid CREATE credentials
-    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
-    javaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testAllowPutsGets: For first client credentials: " + createCredentials);
-
-    createClient1NoException(javaProps, authInit, port1, port2, createCredentials);
-
-    // Start client2 with valid GET credentials
-    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 2);
-    javaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testAllowPutsGets: For second client credentials: " + getCredentials);
-
-    createClient2NoException(javaProps, authInit, port1, port2, getCredentials);
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
-
-    // Verify that the gets succeed
-    client2.invoke(() -> doGets(2, NO_EXCEPTION));
-  }
-
-  @Test
-  public void testPutAllWithSecurity() {
-    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
-    CredentialGenerator cGen = gen.getCredentialGenerator();
-    Properties extraAuthProps = cGen.getSystemProperties();
-    Properties javaProps = cGen.getJavaProperties();
-    Properties extraAuthzProps = gen.getSystemProperties();
-    String authenticator = cGen.getAuthenticator();
-    String authInit = cGen.getAuthInit();
-    String accessor = gen.getAuthorizationCallback();
-
-    getLogWriter().info("testPutAllWithSecurity: Using authinit: " + authInit);
-    getLogWriter().info("testPutAllWithSecurity: Using authenticator: " + authenticator);
-    getLogWriter().info("testPutAllWithSecurity: Using accessor: " + accessor);
-
-    // Start servers with all required properties
-    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
-    int port1 = createServer1(javaProps, serverProps);
-    int port2 = createServer2(javaProps, serverProps);
-
-    // Start client1 with valid CREATE credentials
-    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUTALL }, new String[] { regionName }, 1);
-    javaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testPutAllWithSecurity: For first client credentials: " + createCredentials);
-
-    createClient1NoException(javaProps, authInit, port1, port2, createCredentials);
-
-    // Perform some put all operations from client1
-    client1.invoke(() -> doPutAllP());
-  }
-
-  @Test
-  public void testDisallowPutsGets() {
-    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
-    CredentialGenerator cGen = gen.getCredentialGenerator();
-    Properties extraAuthProps = cGen.getSystemProperties();
-    Properties javaProps = cGen.getJavaProperties();
-    Properties extraAuthzProps = gen.getSystemProperties();
-    String authenticator = cGen.getAuthenticator();
-    String authInit = cGen.getAuthInit();
-    String accessor = gen.getAuthorizationCallback();
-
-    getLogWriter().info("testDisallowPutsGets: Using authinit: " + authInit);
-    getLogWriter().info("testDisallowPutsGets: Using authenticator: " + authenticator);
-    getLogWriter().info("testDisallowPutsGets: Using accessor: " + accessor);
-
-    // Check that we indeed can obtain valid credentials not allowed to do gets
-    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
-    Properties createJavaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testDisallowPutsGets: For first client credentials: " + createCredentials);
-
-    Properties getCredentials = gen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 2);
-    Properties getJavaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testDisallowPutsGets: For second client disallowed GET credentials: " + getCredentials);
-
-    // Start servers with all required properties
-    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
-    int port1 = createServer1(javaProps, serverProps);
-    int port2 = createServer2(javaProps, serverProps);
-
-    createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
-
-    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
-
-    // Gets as normal user should throw exception
-    client2.invoke(() -> doGets(2, NOTAUTHZ_EXCEPTION));
-
-    // Try to connect client2 with reader credentials
-    getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 5);
-    getJavaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testDisallowPutsGets: For second client with GET credentials: " + getCredentials);
-
-    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
-
-    // Verify that the gets succeed
-    client2.invoke(() -> doGets(2, NO_EXCEPTION));
-
-    // Verify that the puts throw exception
-    client2.invoke(() -> doNPuts(2, NOTAUTHZ_EXCEPTION));
-  }
-
-  @Test
-  public void testInvalidAccessor() {
-    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
-    CredentialGenerator cGen = gen.getCredentialGenerator();
-    Properties extraAuthProps = cGen.getSystemProperties();
-    Properties javaProps = cGen.getJavaProperties();
-    Properties extraAuthzProps = gen.getSystemProperties();
-    String authenticator = cGen.getAuthenticator();
-    String authInit = cGen.getAuthInit();
-    String accessor = gen.getAuthorizationCallback();
-
-    getLogWriter().info("testInvalidAccessor: Using authinit: " + authInit);
-    getLogWriter().info("testInvalidAccessor: Using authenticator: " + authenticator);
-
-    // Start server1 with invalid accessor
-    Properties serverProps = buildProperties(authenticator, "com.gemstone.none", false, extraAuthProps, extraAuthzProps);
-
-    int port1 = createServer1(javaProps, serverProps);
-    int port2 = getRandomAvailablePort(SOCKET);
-
-    // Client creation should throw exceptions
-    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 3);
-    Properties createJavaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testInvalidAccessor: For first client CREATE credentials: " + createCredentials);
-
-    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 7);
-    Properties getJavaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testInvalidAccessor: For second client GET credentials: " + getCredentials);
-
-    client1.invoke(() -> ClientAuthenticationTestUtils.createCacheClient( authInit, createCredentials, createJavaProps, port1, port2, 0, false, false, NO_EXCEPTION));
-    client1.invoke(() -> doPuts(1, AUTHFAIL_EXCEPTION));
-
-    client2.invoke(() -> ClientAuthenticationTestUtils.createCacheClient( authInit, getCredentials, getJavaProps, port1, port2, 0, false, false, NO_EXCEPTION));
-    client2.invoke(() -> doPuts(1, AUTHFAIL_EXCEPTION));
-
-    // Now start server2 that has valid accessor
-    getLogWriter().info("testInvalidAccessor: Using accessor: " + accessor);
-    serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-    createServer2(javaProps, serverProps, port2);
-    server1.invoke(() -> closeCache());
-
-    createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
-    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
-
-    // Now perform some put operations from client1
-    client1.invoke(() -> doPuts(4, NO_EXCEPTION));
-
-    // Verify that the gets succeed
-    client2.invoke(() -> doGets(4, NO_EXCEPTION));
-  }
-
-  @Test
-  public void testPutsGetsWithFailover() {
-    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
-    CredentialGenerator cGen = gen.getCredentialGenerator();
-    Properties extraAuthProps = cGen.getSystemProperties();
-    Properties javaProps = cGen.getJavaProperties();
-    Properties extraAuthzProps = gen.getSystemProperties();
-    String authenticator = cGen.getAuthenticator();
-    String authInit = cGen.getAuthInit();
-    String accessor = gen.getAuthorizationCallback();
-
-    getLogWriter().info("testPutsGetsWithFailover: Using authinit: " + authInit);
-    getLogWriter().info("testPutsGetsWithFailover: Using authenticator: " + authenticator);
-    getLogWriter().info("testPutsGetsWithFailover: Using accessor: " + accessor);
-
-    // Start servers with all required properties
-    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
-    int port1 = createServer1(javaProps, serverProps);
-
-    // Get a port for second server but do not start it. This forces the clients to connect to the first server
-    int port2 = getRandomAvailablePort(SOCKET);
-
-    // Start client1 with valid CREATE credentials
-    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
-    Properties createJavaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testPutsGetsWithFailover: For first client credentials: " + createCredentials);
-
-    createClient1NoException(createJavaProps, authInit, port1, port2, createCredentials);
-
-    // Start client2 with valid GET credentials
-    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 5);
-    Properties getJavaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testPutsGetsWithFailover: For second client credentials: " + getCredentials);
-
-    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
-
-    // Verify that the puts succeeded
-    client2.invoke(() -> doGets(2, NO_EXCEPTION));
-
-    createServer2(javaProps, serverProps, port2);
-    server1.invoke(() -> closeCache());
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doNPuts(4, NO_EXCEPTION));
-
-    // Verify that the puts succeeded
-    client2.invoke(() -> doNGets(4, NO_EXCEPTION));
-
-    // Now re-connect with credentials not allowed to do gets
-    Properties noGetCredentials = gen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 9);
-    getJavaProps = cGen.getJavaProperties();
-
-    getLogWriter().info("testPutsGetsWithFailover: For second client disallowed GET credentials: " + noGetCredentials);
-
-    createClient2NoException(getJavaProps, authInit, port1, port2, noGetCredentials);
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doPuts(4, NO_EXCEPTION));
-
-    // Gets as normal user should throw exception
-    client2.invoke(() -> doGets(4, NOTAUTHZ_EXCEPTION));
-
-    // force a failover and do the drill again
-    server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer( getLocatorPort(), port1, serverProps, javaProps ));
-    server2.invoke(() -> closeCache());
-
-    // Perform some put operations from client1
-    client1.invoke(() -> doNPuts(4, NO_EXCEPTION));
-
-    // Gets as normal user should throw exception
-    client2.invoke(() -> doNGets(4, NOTAUTHZ_EXCEPTION));
-
-    createClient2NoException(getJavaProps, authInit, port1, port2, getCredentials);
-
-    // Verify that the gets succeed
-    client2.invoke(() -> doNGets(4, NO_EXCEPTION));
-
-    // Verify that the puts throw exception
-    client2.invoke(() -> doPuts(4, NOTAUTHZ_EXCEPTION));
-  }
-
-  @Test
-  public void testUnregisterInterestWithFailover() throws InterruptedException {
-    OperationWithAction[] unregisterOps = unregisterOpsForTestUnregisterInterestWithFailover();
-
-    AuthzCredentialGenerator gen = new XmlAuthzCredentialGenerator();
-    CredentialGenerator cGen = new DummyCredentialGenerator();
-    cGen.init();
-    gen.init(cGen);
-    Properties extraAuthProps = cGen.getSystemProperties();
-    Properties javaProps = cGen.getJavaProperties();
-    Properties extraAuthzProps = gen.getSystemProperties();
-    String authenticator = cGen.getAuthenticator();
-    String authInit = cGen.getAuthInit();
-    String accessor = gen.getAuthorizationCallback();
-
-    getLogWriter().info("testAllOpsWithFailover: Using authinit: " + authInit);
-    getLogWriter().info("testAllOpsWithFailover: Using authenticator: " + authenticator);
-    getLogWriter().info("testAllOpsWithFailover: Using accessor: " + accessor);
-
-    // Start servers with all required properties
-    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
-    // Get ports for the servers
-    int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(2);
-    int port1 = randomAvailableTCPPorts[0];
-    int port2 = randomAvailableTCPPorts[1];
-
-    // Perform all the ops on the clients
-    List opBlock = new ArrayList();
-    for (int opNum = 0; opNum < unregisterOps.length; ++opNum) {
-
-      // Start client with valid credentials as specified in OperationWithAction
-      OperationWithAction currentOp = unregisterOps[opNum];
-      if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
-
-        // End of current operation block; execute all the operations on the servers with/without failover
-        if (opBlock.size() > 0) {
-          // Start the first server and execute the operation block
-          server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port1, serverProps, javaProps));
-          server2.invoke(() -> closeCache());
-
-          executeRIOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, javaProps);
-
-          if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
-            createServer2(javaProps, serverProps, port2);
-            server1.invoke(() -> closeCache());
-
-            executeRIOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, javaProps);
-          }
-          opBlock.clear();
-        }
-
-      } else {
-        currentOp.setOpNum(opNum);
-        opBlock.add(currentOp);
-      }
-    }
-  }
-
-  @Test
-  public void testAllOpsWithFailover() throws InterruptedException {
-    addIgnoredException("Read timed out");
-    runOpsWithFailOver(allOpsForAllOpsWithFailover(), "testAllOpsWithFailover");
-  }
-
-  private OperationWithAction[] unregisterOpsForTestUnregisterInterestWithFailover() {
-    return new OperationWithAction[] {
-        // Register interest in all KEYS using one key at a time
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, 3, OpFlags.NONE, 4),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, 2),
-        // UPDATE and test with GET
-        new OperationWithAction(OperationCode.PUT),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
-        // Unregister interest in all KEYS using one key at a time
-        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_OLDCONN | OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, OpFlags.USE_OLDCONN, 4),
-        // UPDATE and test with GET for no updates
-        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
-        OperationWithAction.OPBLOCK_END,
-
-        // Register interest in all KEYS using list
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_LIST, 4),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, 1, OpFlags.USE_LIST, 4),
-        // UPDATE and test with GET
-        new OperationWithAction(OperationCode.PUT, 2),
-        new OperationWithAction(OperationCode.GET, 1, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
-        // Unregister interest in all KEYS using list
-        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_OLDCONN | OpFlags.USE_LIST | OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 1, OpFlags.USE_OLDCONN | OpFlags.USE_LIST, 4),
-        // UPDATE and test with GET for no updates
-        new OperationWithAction(OperationCode.PUT, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
-        new OperationWithAction(OperationCode.GET, 1, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
-        OperationWithAction.OPBLOCK_END,
-
-        // Register interest in all KEYS using regular expression
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_REGEX, 4),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, 2, OpFlags.USE_REGEX, 4),
-        // UPDATE and test with GET
-        new OperationWithAction(OperationCode.PUT),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
-        // Unregister interest in all KEYS using regular expression
-        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_OLDCONN | OpFlags.USE_REGEX | OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, OpFlags.USE_OLDCONN | OpFlags.USE_REGEX, 4),
-        // UPDATE and test with GET for no updates
-        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
-        OperationWithAction.OPBLOCK_END
-    };
-  }
-
-  private OperationWithAction[] allOpsForAllOpsWithFailover() {
-    return new OperationWithAction[] {
-        // Test CREATE and verify with a GET
-        new OperationWithAction(OperationCode.PUT, 3, OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.PUT),
-        new OperationWithAction(OperationCode.GET, 3, OpFlags.CHECK_NOKEY | OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.CHECK_NOKEY, 4),
-
-        // OPBLOCK_END indicates end of an operation block; the above block of three operations will be first executed on server1 and then on server2 after failover
-        OperationWithAction.OPBLOCK_END,
-
-        // Test PUTALL and verify with GETs
-        new OperationWithAction(OperationCode.PUTALL, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.PUTALL, 1, OpFlags.USE_NEWVAL, 4),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
-        OperationWithAction.OPBLOCK_END,
-
-        // Test UPDATE and verify with a GET
-        new OperationWithAction(OperationCode.PUT, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_NEWVAL, 4),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
-
-        OperationWithAction.OPBLOCK_END,
-
-        // Test DESTROY and verify with a GET and that key should not exist
-        new OperationWithAction(OperationCode.DESTROY, 3, OpFlags.USE_NEWVAL | OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.DESTROY),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.CHECK_FAIL, 4), // bruce: added check_nokey because we now bring tombstones to the client in 8.0
-        // Repopulate the region
-        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_NEWVAL, 4),
-
-        OperationWithAction.OPBLOCK_END,
-
-        // Check CONTAINS_KEY
-        new OperationWithAction(OperationCode.CONTAINS_KEY, 3, OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.CONTAINS_KEY),
-        // Destroy the KEYS and check for failure in CONTAINS_KEY
-        new OperationWithAction(OperationCode.DESTROY, 2),
-        new OperationWithAction(OperationCode.CONTAINS_KEY, 3, OpFlags.CHECK_FAIL | OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.CONTAINS_KEY, 1, OpFlags.USE_OLDCONN | OpFlags.CHECK_FAIL, 4),
-        // Repopulate the region
-        new OperationWithAction(OperationCode.PUT),
-
-        OperationWithAction.OPBLOCK_END,
-
-        // Check KEY_SET
-        new OperationWithAction(OperationCode.KEY_SET, 3, OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.KEY_SET, 2),
-
-        OperationWithAction.OPBLOCK_END,
-
-        // Check QUERY
-        new OperationWithAction(OperationCode.QUERY, 3, OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.QUERY),
-
-        OperationWithAction.OPBLOCK_END,
-
-        // Register interest in all KEYS using one key at a time
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, 3, OpFlags.CHECK_NOTAUTHZ, 4),
-        new OperationWithAction(OperationCode.REGISTER_INTEREST, 2),
-        // UPDATE and test with GET
-        new OperationWithAction(OperationCode.PUT),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
-        // Unregister interest in all KEYS using one key at a time
-        new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2, OpFlags.USE_OLDCONN, 4),
-        // UPDATE and test with GET for no updates
-        new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
-
-        OperationWithAction.OPBLOCK_END,
-
-        // Test GET_ENTRY inside a TX, see #49951
-        new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_GET_ENTRY_IN_TX | OpFlags.CHECK_FAIL, 4),
-
-        OperationWithAction.OPBLOCK_END };
-  }
-
-  private Properties getUserPassword(final String userName) {
-    Properties props = new Properties();
-    props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
-    props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
-    return props;
-  }
-
-  private void executeRIOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final Properties javaProps) throws InterruptedException {
-    for (Iterator opIter = opBlock.iterator(); opIter.hasNext();) {
-      // Start client with valid credentials as specified in OperationWithAction
-      OperationWithAction currentOp = (OperationWithAction)opIter.next();
-      OperationCode opCode = currentOp.getOperationCode();
-      int opFlags = currentOp.getFlags();
-      int clientNum = currentOp.getClientNum();
-      VM clientVM = null;
-      boolean useThisVM = false;
-
-      switch (clientNum) {
-        case 1:
-          clientVM = client1;
-          break;
-        case 2:
-          clientVM = client2;
-          break;
-        case 3:
-          useThisVM = true;
-          break;
-        default:
-          fail("executeRIOpBlock: Unknown client number " + clientNum);
-          break;
-      }
-
-      getLogWriter().info( "executeRIOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);
-      if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
-        Properties opCredentials = null;
-        String currentRegionName = '/' + regionName;
-        if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
-          currentRegionName += ('/' + SUBREGION_NAME);
-        }
-        String credentialsTypeStr;
-        OperationCode authOpCode = currentOp.getAuthzOperationCode();
-
-        if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0 || !authOpCode.equals(opCode)) {
-          credentialsTypeStr = " unauthorized " + authOpCode;
-          if (authOpCode.isRegisterInterest()) {
-            opCredentials = getUserPassword("reader7");
-          } else if (authOpCode.isUnregisterInterest()) {
-            opCredentials = getUserPassword("reader6");
-          } else {
-            fail("executeRIOpBlock: cannot determine credentials for" + credentialsTypeStr);
-          }
-
-        } else {
-          credentialsTypeStr = " authorized " + authOpCode;
-          if (authOpCode.isRegisterInterest() || authOpCode.isUnregisterInterest()) {
-            opCredentials = getUserPassword("reader5");
-          } else if (authOpCode.isPut()) {
-            opCredentials = getUserPassword("writer1");
-          } else if (authOpCode.isGet()) {
-            opCredentials = getUserPassword("reader1");
-          } else {
-            fail("executeRIOpBlock: cannot determine credentials for" + credentialsTypeStr);
-          }
-        }
-
-        Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
-
-        // Start the client with valid credentials but allowed or disallowed to perform an operation
-        getLogWriter().info("executeRIOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
-        if (useThisVM) {
-          createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, false, NO_EXCEPTION);
-        } else {
-          clientVM.invoke(() -> createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, false, NO_EXCEPTION));
-        }
-
-      }
-
-      int expectedResult;
-      if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
-        expectedResult = NOTAUTHZ_EXCEPTION;
-      } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
-        expectedResult = OTHER_EXCEPTION;
-      } else {
-        expectedResult = NO_EXCEPTION;
-      }
-
-      // Perform the operation from selected client
-      if (useThisVM) {
-        doOp(opCode, currentOp.getIndices(), opFlags, expectedResult);
-
-      } else {
-        int[] indices = currentOp.getIndices();
-        clientVM.invoke(() -> ClientAuthorizationTestCase.doOp(opCode, indices, opFlags, expectedResult));
-      }
-    }
-  }
-
-  private void createClient2NoException(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties getCredentials) {
-    client2.invoke(() -> ClientAuthenticationTestUtils.createCacheClient(authInit, getCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
-  }
-
-  private void createClient1NoException(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties createCredentials) {
-    client1.invoke(() -> ClientAuthenticationTestUtils.createCacheClient(authInit, createCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
-  }
-
-  private int createServer2(final Properties javaProps, final Properties serverProps) {
-    return server2.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), serverProps, javaProps));
-  }
-
-  private int createServer1(final Properties javaProps, final Properties serverProps) {
-    return server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), serverProps, javaProps));
-  }
-
-  private void createServer2(Properties javaProps, Properties serverProps, int port2) {
-    server2.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port2, serverProps, javaProps));
-  }
-}