You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by je...@apache.org on 2016/03/16 02:34:32 UTC

incubator-geode git commit: GEODE-17: Added LockServiceMXBean authorization test

Repository: incubator-geode
Updated Branches:
  refs/heads/feature/GEODE-17-2 374e20cef -> 91378b543


GEODE-17: Added LockServiceMXBean authorization test


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/91378b54
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/91378b54
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/91378b54

Branch: refs/heads/feature/GEODE-17-2
Commit: 91378b543d8a90891906d41b665b19781b274256
Parents: 374e20c
Author: Jens Deppe <jd...@pivotal.io>
Authored: Tue Mar 15 18:33:02 2016 -0700
Committer: Jens Deppe <jd...@pivotal.io>
Committed: Tue Mar 15 18:33:02 2016 -0700

----------------------------------------------------------------------
 .../LockServiceMBeanAuthorizationJUnitTest.java | 86 ++++++++++++++++++++
 .../security/MBeanServerConnectionRule.java     |  8 +-
 .../internal/security/cacheServer.json          |  3 +-
 3 files changed, 92 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/91378b54/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
new file mode 100644
index 0000000..9803083
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.distributed.DistributedLockService;
+import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.distributed.internal.locks.DLockService;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.CacheServerMXBean;
+import com.gemstone.gemfire.management.LockServiceMXBean;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+@Category(IntegrationTest.class)
+public class LockServiceMBeanAuthorizationJUnitTest {
+  private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+
+  private LockServiceMXBean lockServiceMBean;
+
+  @ClassRule
+  public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
+      jmxManagerPort, "cacheServer.json");
+
+  @Rule
+  public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
+
+  @BeforeClass
+  public static void beforeClassSetUp() {
+    Cache cache = CacheFactory.getAnyInstance();
+    DLockService.create("test-lock-service", (InternalDistributedSystem) cache.getDistributedSystem(), false, true, true);
+  }
+
+  @Before
+  public void setUp() throws Exception {
+    lockServiceMBean = connectionRule.getProxyMBean(LockServiceMXBean.class);
+  }
+
+  @AfterClass
+  public static void afterClassTeardown() {
+    DLockService.destroyAll();
+  }
+
+  @Test
+  @JMXConnectionConfiguration(user = "superuser", password = "1234567")
+  public void testAllAccess() throws Exception {
+    lockServiceMBean.becomeLockGrantor(); // "INDEX:DESTROY",
+  }
+
+  @Test
+  @JMXConnectionConfiguration(user = "user", password = "1234567")
+  public void testSomeAccess() throws Exception {
+    assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()).isInstanceOf(SecurityException.class);
+    lockServiceMBean.getMemberCount();
+  }
+
+  @Test
+  @JMXConnectionConfiguration(user = "stranger", password = "1234567")
+  public void testNoAccess() throws Exception {
+    assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()).isInstanceOf(SecurityException.class);
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/91378b54/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
index 5b1ca3c..2f8342e 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
@@ -34,6 +34,8 @@ import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 
+import static org.junit.Assert.assertEquals;
+
 /**
  * Class which eases the creation of MBeans for security testing. When combined with {@link JMXConnectionConfiguration}
  * it allows for the creation of per-test connections with different user/password combinations.
@@ -73,10 +75,8 @@ public class MBeanServerConnectionRule extends DescribedExternalResource {
     }
 
     Set<ObjectInstance> beans = con.queryMBeans(name, query);
-    if (beans.size() != 1) {
-      throw new RuntimeException(
-          "failed to find only one instance of " + proxyClass.getName() + " with name " + beanQueryName);
-    }
+    assertEquals("failed to find only one instance of type " + proxyClass.getName() + " with name " + beanQueryName, 1, beans.size());
+
     return JMX.newMXBeanProxy(con, ((ObjectInstance) beans.toArray()[0]).getObjectName(), proxyClass);
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/91378b54/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
index dd7f830..be2d8f5 100644
--- a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
@@ -18,7 +18,8 @@
         "REGION:IMPORT",
         "REGION:PUT",
         "REGION:GET",
-        "REGION:DELETE"
+        "REGION:DELETE",
+        "LOCK_SERVICE:BECOME_LOCK_GRANTOR"
       ]
     },
     {