You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by kl...@apache.org on 2015/12/22 20:26:26 UTC
[24/35] incubator-geode git commit: GEM-164: move the security tests
in gemfire-test module inside the com.gemstone.gemfire.security packages to
the open side.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
new file mode 100644
index 0000000..ceeb989
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
@@ -0,0 +1,537 @@
+
+package com.gemstone.gemfire.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+import java.util.Iterator;
+import java.util.Properties;
+
+import templates.security.AuthzCredentialGenerator;
+import templates.security.CredentialGenerator;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.execute.Function;
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.internal.cache.execute.PRClientServerTestBase;
+import com.gemstone.gemfire.internal.cache.functions.TestFunction;
+
+import dunit.Host;
+
+public class ClientMultiUserAuthzDUnitTest extends ClientAuthorizationTestBase {
+
+ /** constructor */
+ public ClientMultiUserAuthzDUnitTest(String name) {
+ super(name);
+ }
+
+ public void setUp() throws Exception {
+
+ super.setUp();
+ final Host host = Host.getHost(0);
+ server1 = host.getVM(0);
+ server2 = host.getVM(1);
+ client1 = host.getVM(2);
+ client2 = host.getVM(3);
+
+ server1.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { serverExpectedExceptions });
+ server2.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { serverExpectedExceptions });
+ client2.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { clientExpectedExceptions });
+ SecurityTestUtil.registerExpectedExceptions(clientExpectedExceptions);
+ }
+
+ // Tests with one user authorized to do puts/gets/containsKey/destroys and
+ // another not authorized for the same.
+ public void testOps1() throws Exception {
+ Iterator iter = getDummyGeneratorCombos().iterator();
+ while (iter.hasNext()) {
+ AuthzCredentialGenerator gen = (AuthzCredentialGenerator)iter.next();
+ CredentialGenerator cGen = gen.getCredentialGenerator();
+ Properties extraAuthProps = cGen.getSystemProperties();
+ Properties javaProps = cGen.getJavaProperties();
+ Properties extraAuthzProps = gen.getSystemProperties();
+ String authenticator = cGen.getAuthenticator();
+ String authInit = cGen.getAuthInit();
+ String accessor = gen.getAuthorizationCallback();
+
+ getLogWriter().info("testOps1: Using authinit: " + authInit);
+ getLogWriter().info(
+ "testOps1: Using authenticator: " + authenticator);
+ getLogWriter().info("testOps1: Using accessor: " + accessor);
+
+ // Start servers with all required properties
+ Properties serverProps = buildProperties(authenticator, accessor, false,
+ extraAuthProps, extraAuthzProps);
+ Integer port1 = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ Integer port2 = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ server1.invoke(ClientAuthorizationTestBase.class, "createCacheServer",
+ new Object[] {SecurityTestUtil.getLocatorPort(), port1, serverProps,
+ javaProps});
+ server2.invoke(ClientAuthorizationTestBase.class, "createCacheServer",
+ new Object[] {SecurityTestUtil.getLocatorPort(), port2, serverProps,
+ javaProps});
+
+ if (!prepareClientsForOps(gen, cGen, new OperationCode[] {
+ OperationCode.PUT, OperationCode.PUT}, new OperationCode[] {
+ OperationCode.GET, OperationCode.GET}, javaProps, authInit, port1,
+ port2)) {
+ continue;
+ }
+ verifyPutsGets();
+
+ if (!prepareClientsForOps(gen, cGen, new OperationCode[] {
+ OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] {
+ OperationCode.DESTROY, OperationCode.DESTROY},
+ javaProps, authInit, port1, port2)) {
+ continue;
+ }
+ verifyContainsKeyDestroys();
+
+ if (!prepareClientsForOps(gen, cGen, new OperationCode[] {
+ OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] {
+ OperationCode.INVALIDATE, OperationCode.INVALIDATE},
+ javaProps, authInit, port1, port2)) {
+ continue;
+ }
+ verifyContainsKeyInvalidates();
+
+ if (!prepareClientsForOps(gen, cGen, new OperationCode[] {
+ OperationCode.GET, OperationCode.GET}, new OperationCode[] {
+ OperationCode.REGION_DESTROY, OperationCode.REGION_DESTROY},
+ javaProps, authInit, port1, port2)) {
+ continue;
+ }
+ verifyGetAllInTX();
+ verifyGetAllRegionDestroys();
+ }
+ }
+
+ private boolean prepareClientsForOps(AuthzCredentialGenerator gen,
+ CredentialGenerator cGen, OperationCode[] client1OpCodes,
+ OperationCode[] client2OpCodes, Properties javaProps, String authInit,
+ Integer port1, Integer port2) {
+ return prepareClientsForOps(gen, cGen, client1OpCodes, client2OpCodes,
+ javaProps, authInit, port1, port2, Boolean.TRUE /*
+ * both clients in
+ * multiuser mode
+ */, Boolean.FALSE /* unused */);
+ }
+
+ private boolean prepareClientsForOps(AuthzCredentialGenerator gen,
+ CredentialGenerator cGen, OperationCode[] client1OpCodes,
+ OperationCode[] client2OpCodes, Properties javaProps, String authInit,
+ Integer port1, Integer port2, Boolean bothClientsInMultiuserMode,
+ Boolean allowOp) {
+ // Start client1 with valid/invalid client1OpCodes credentials
+ Properties[] client1Credentials = new Properties[] {
+ gen.getAllowedCredentials(client1OpCodes, new String[] {regionName}, 1),
+ gen.getDisallowedCredentials(new OperationCode[] {client1OpCodes[1]},
+ new String[] {regionName}, 1)};
+ if (client1Credentials[0] == null || client1Credentials[0].size() == 0) {
+ getLogWriter().info(
+ "testOps1: Unable to obtain valid credentials with "
+ + client1OpCodes[0].toString()
+ + " permission; skipping this combination.");
+ return false;
+ }
+ if (client1Credentials[1] == null || client1Credentials[1].size() == 0) {
+ getLogWriter().info(
+ "testOps1: Unable to obtain valid credentials with no "
+ + client1OpCodes[0].toString()
+ + " permission; skipping this combination.");
+ return false;
+ }
+ javaProps = cGen.getJavaProperties();
+ getLogWriter().info(
+ "testOps1: For first client credentials: " + client1Credentials[0]
+ + "\n" + client1Credentials[1]);
+ client1.invoke(SecurityTestUtil.class, "createCacheClientForMultiUserMode",
+ new Object[] {Integer.valueOf(2), authInit, client1Credentials,
+ javaProps, new Integer[] {port1, port2}, null, Boolean.FALSE,
+ SecurityTestUtil.NO_EXCEPTION});
+
+ // Start client2 with valid/invalid client2OpCodes credentials
+ Properties[] client2Credentials = new Properties[] {
+ gen.getAllowedCredentials(client2OpCodes,
+ new String[] {regionName}, 2),
+ gen.getDisallowedCredentials(client2OpCodes,
+ new String[] {regionName}, 9)};
+ if (client2Credentials[0] == null || client2Credentials[0].size() == 0) {
+ getLogWriter().info(
+ "testOps1: Unable to obtain valid credentials with "
+ + client2OpCodes[0].toString()
+ + " permission; skipping this combination.");
+ return false;
+ }
+ if (client2Credentials[1] == null || client2Credentials[1].size() == 0) {
+ getLogWriter().info(
+ "testOps1: Unable to obtain valid credentials with no "
+ + client2OpCodes[0].toString()
+ + " permission; skipping this combination.");
+ return false;
+ }
+ javaProps = cGen.getJavaProperties();
+ getLogWriter().info(
+ "testOps1: For second client credentials: " + client2Credentials[0]
+ + "\n" + client2Credentials[1]);
+ if (bothClientsInMultiuserMode) {
+ client2.invoke(SecurityTestUtil.class,
+ "createCacheClientForMultiUserMode", new Object[] {
+ Integer.valueOf(2), authInit, client2Credentials, javaProps,
+ new Integer[] {port1, port2}, null, Boolean.FALSE,
+ SecurityTestUtil.NO_EXCEPTION});
+ } else {
+ int credentialsIndex = allowOp ? 0 : 1;
+ client2.invoke(SecurityTestUtil.class, "createCacheClient", new Object[] {
+ authInit, client2Credentials[credentialsIndex], javaProps,
+ new Integer[] {port1, port2}, null, Boolean.FALSE, "false",
+ SecurityTestUtil.NO_EXCEPTION});
+ }
+ return true;
+ }
+
+ private void verifyPutsGets() throws Exception {
+ verifyPutsGets(true, false /*unused */);
+ }
+
+ private void verifyPutsGets(Boolean isMultiuser, Boolean opAllowed)
+ throws Exception {
+ // Perform some put operations from client1
+ client1.invoke(SecurityTestUtil.class, "doMultiUserPuts", new Object[] {
+ Integer.valueOf(2),
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}});
+
+ // Verify that the gets succeed/fail
+ if (isMultiuser) {
+ client2.invoke(SecurityTestUtil.class, "doMultiUserGets", new Object[] {
+ Integer.valueOf(2),
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}});
+ } else {
+ int expectedResult = (opAllowed) ? SecurityTestUtil.NO_EXCEPTION
+ : SecurityTestUtil.NOTAUTHZ_EXCEPTION;
+ client2.invoke(SecurityTestUtil.class, "doMultiUserGets", new Object[] {
+ Integer.valueOf(1), Integer.valueOf(1),
+ new Integer[] {expectedResult}});
+ }
+ }
+
+ private void verifyContainsKeyDestroys() throws Exception {
+ verifyContainsKeyDestroys(true, false /* unused */);
+ }
+
+ private void verifyContainsKeyDestroys(Boolean isMultiuser, Boolean opAllowed)
+ throws Exception {
+ // Do puts before verifying containsKey
+ client1.invoke(SecurityTestUtil.class, "doMultiUserPuts", new Object[] {
+ Integer.valueOf(2),
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NO_EXCEPTION}});
+ client1.invoke(SecurityTestUtil.class, "doMultiUserContainsKeys",
+ new Object[] {
+ Integer.valueOf(1),
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION},
+ new Boolean[] {Boolean.TRUE, Boolean.FALSE}});
+
+ // Verify that the destroys succeed/fail
+ if (isMultiuser) {
+ client2.invoke(SecurityTestUtil.class, "doMultiUserDestroys",
+ new Object[] {
+ Integer.valueOf(2),
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}});
+ } else {
+ int expectedResult = (opAllowed) ? SecurityTestUtil.NO_EXCEPTION
+ : SecurityTestUtil.NOTAUTHZ_EXCEPTION;
+ client2.invoke(SecurityTestUtil.class, "doMultiUserDestroys",
+ new Object[] {Integer.valueOf(1), Integer.valueOf(1),
+ new Integer[] {expectedResult}});
+ }
+ }
+
+ private void verifyContainsKeyInvalidates() throws Exception {
+ verifyContainsKeyInvalidates(true, false /* unused */);
+ }
+
+ private void verifyContainsKeyInvalidates(Boolean isMultiuser, Boolean opAllowed)
+ throws Exception {
+ // Do puts before verifying containsKey
+ client1.invoke(SecurityTestUtil.class, "doMultiUserPuts", new Object[] {
+ Integer.valueOf(2),
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NO_EXCEPTION}});
+ client1.invoke(SecurityTestUtil.class, "doMultiUserContainsKeys",
+ new Object[] {
+ Integer.valueOf(1),
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION},
+ new Boolean[] {Boolean.TRUE, Boolean.FALSE}});
+
+ // Verify that the invalidates succeed/fail
+ if (isMultiuser) {
+ client2.invoke(SecurityTestUtil.class, "doMultiUserInvalidates",
+ new Object[] {
+ Integer.valueOf(2),
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}});
+ } else {
+ int expectedResult = (opAllowed) ? SecurityTestUtil.NO_EXCEPTION
+ : SecurityTestUtil.NOTAUTHZ_EXCEPTION;
+ client2.invoke(SecurityTestUtil.class, "doMultiUserInvalidates",
+ new Object[] {Integer.valueOf(1), Integer.valueOf(1),
+ new Integer[] {expectedResult}});
+ }
+ }
+
+ private void verifyGetAllInTX() {
+ server1.invoke(ClientMultiUserAuthzDUnitTest.class, "doPuts");
+ client1.invoke(SecurityTestUtil.class, "doMultiUserGetAll", new Object[] {
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}, Boolean.TRUE/*use TX*/});
+ }
+
+ private void verifyGetAllRegionDestroys() {
+ server1.invoke(ClientMultiUserAuthzDUnitTest.class, "doPuts");
+ client1.invoke(SecurityTestUtil.class, "doMultiUserGetAll", new Object[] {
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}});
+
+ // Verify that the region destroys succeed/fail
+ client2.invoke(SecurityTestUtil.class, "doMultiUserRegionDestroys",
+ new Object[] {
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}});
+ }
+
+ public static void doPuts() {
+ Region region = GemFireCacheImpl.getInstance().getRegion(SecurityTestUtil.regionName);
+ region.put("key1", "value1");
+ region.put("key2", "value2");
+ }
+
+ // Test query/function execute
+ public void testOps2() throws Exception {
+ AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+ CredentialGenerator cGen = gen.getCredentialGenerator();
+ Properties extraAuthProps = cGen.getSystemProperties();
+ Properties javaProps = cGen.getJavaProperties();
+ Properties extraAuthzProps = gen.getSystemProperties();
+ String authenticator = cGen.getAuthenticator();
+ String authInit = cGen.getAuthInit();
+ String accessor = gen.getAuthorizationCallback();
+
+ getLogWriter().info("testOps2: Using authinit: " + authInit);
+ getLogWriter().info("testOps2: Using authenticator: " + authenticator);
+ getLogWriter().info("testOps2: Using accessor: " + accessor);
+
+ // Start servers with all required properties
+ Properties serverProps = buildProperties(authenticator, accessor, false,
+ extraAuthProps, extraAuthzProps);
+ Integer port1 = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ Integer port2 = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ server1.invoke(ClientAuthorizationTestBase.class, "createCacheServer",
+ new Object[] {SecurityTestUtil.getLocatorPort(), port1, serverProps,
+ javaProps});
+ server2.invoke(ClientAuthorizationTestBase.class, "createCacheServer",
+ new Object[] {SecurityTestUtil.getLocatorPort(), port2, serverProps,
+ javaProps});
+
+ // Start client1 with valid/invalid QUERY credentials
+ Properties[] client1Credentials = new Properties[] {
+ gen.getAllowedCredentials(
+ new OperationCode[] {OperationCode.PUT, OperationCode.QUERY},
+ new String[] {regionName},
+ 1),
+ gen.getDisallowedCredentials(
+ new OperationCode[] {OperationCode.PUT, OperationCode.QUERY},
+ new String[] {regionName},
+ 1)
+ };
+
+ javaProps = cGen.getJavaProperties();
+ getLogWriter().info(
+ "testOps2: For first client credentials: " + client1Credentials[0]
+ + "\n" + client1Credentials[1]);
+ client1.invoke(SecurityTestUtil.class,
+ "createCacheClientForMultiUserMode", new Object[] {
+ Integer.valueOf(2), authInit, client1Credentials, javaProps,
+ new Integer[] {port1, port2}, null, Boolean.FALSE,
+ SecurityTestUtil.NO_EXCEPTION});
+
+ // Start client2 with valid/invalid EXECUTE_FUNCTION credentials
+ Properties[] client2Credentials = new Properties[] {
+ gen.getAllowedCredentials(new OperationCode[] {OperationCode.EXECUTE_FUNCTION},
+ new String[] {regionName}, 2),
+ gen.getDisallowedCredentials(new OperationCode[] {OperationCode.EXECUTE_FUNCTION},
+ new String[] {regionName}, 9)};
+
+ javaProps = cGen.getJavaProperties();
+ getLogWriter().info(
+ "testOps2: For second client credentials: " + client2Credentials[0]
+ + "\n" + client2Credentials[1]);
+ client2.invoke(SecurityTestUtil.class,
+ "createCacheClientForMultiUserMode", new Object[] {
+ Integer.valueOf(2), authInit, client2Credentials, javaProps,
+ new Integer[] {port1, port2}, null, Boolean.FALSE,
+ SecurityTestUtil.NO_EXCEPTION});
+ Function function = new TestFunction(true,TestFunction.TEST_FUNCTION1);
+ server1.invoke(PRClientServerTestBase.class,
+ "registerFunction", new Object []{function});
+
+ server2.invoke(PRClientServerTestBase.class,
+ "registerFunction", new Object []{function});
+
+ // Perform some put operations before verifying queries
+ client1.invoke(SecurityTestUtil.class, "doMultiUserPuts", new Object[] {
+ Integer.valueOf(4),
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}});
+ client1.invoke(SecurityTestUtil.class, "doMultiUserQueries",
+ new Object[] {
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}, Integer.valueOf(4)});
+ client1.invoke(SecurityTestUtil.class, "doMultiUserQueryExecute",
+ new Object[] {
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}, Integer.valueOf(4)});
+
+ // Verify that the FE succeeds/fails
+ client2.invoke(SecurityTestUtil.class, "doMultiUserFE", new Object[] {
+ Integer.valueOf(2),
+ function,
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}, new Object[] {null, null},
+ Boolean.FALSE});
+
+ // Failover
+ server1.invoke(SecurityTestUtil.class, "closeCache");
+ Thread.sleep(2000);
+
+ client1.invoke(SecurityTestUtil.class, "doMultiUserPuts", new Object[] {
+ Integer.valueOf(4),
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}});
+
+ client1.invoke(SecurityTestUtil.class, "doMultiUserQueries",
+ new Object[] {
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}, Integer.valueOf(4)});
+ client1.invoke(SecurityTestUtil.class, "doMultiUserQueryExecute",
+ new Object[] {
+ Integer.valueOf(2),
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}, Integer.valueOf(4)});
+
+ // Verify that the FE succeeds/fails
+ client2.invoke(SecurityTestUtil.class, "doMultiUserFE", new Object[] {
+ Integer.valueOf(2),
+ function,
+ new Integer[] {SecurityTestUtil.NO_EXCEPTION,
+ SecurityTestUtil.NOTAUTHZ_EXCEPTION}, new Object[] {null, null},
+ Boolean.TRUE});
+
+
+ }
+
+ public void testOpsWithClientsInDifferentModes() throws Exception {
+ Iterator iter = getDummyGeneratorCombos().iterator();
+ while (iter.hasNext()) {
+ AuthzCredentialGenerator gen = (AuthzCredentialGenerator)iter.next();
+ CredentialGenerator cGen = gen.getCredentialGenerator();
+ Properties extraAuthProps = cGen.getSystemProperties();
+ Properties javaProps = cGen.getJavaProperties();
+ Properties extraAuthzProps = gen.getSystemProperties();
+ String authenticator = cGen.getAuthenticator();
+ String authInit = cGen.getAuthInit();
+ String accessor = gen.getAuthorizationCallback();
+
+ getLogWriter().info("testOpsWithClientsInDifferentModes: Using authinit: " + authInit);
+ getLogWriter().info(
+ "testOpsWithClientsInDifferentModes: Using authenticator: " + authenticator);
+ getLogWriter().info("testOpsWithClientsInDifferentModes: Using accessor: " + accessor);
+
+ // Start servers with all required properties
+ Properties serverProps = buildProperties(authenticator, accessor, false,
+ extraAuthProps, extraAuthzProps);
+ Integer port1 = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ Integer port2 = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ server1.invoke(ClientAuthorizationTestBase.class, "createCacheServer",
+ new Object[] {SecurityTestUtil.getLocatorPort(), port1, serverProps,
+ javaProps});
+ server2.invoke(ClientAuthorizationTestBase.class, "createCacheServer",
+ new Object[] {SecurityTestUtil.getLocatorPort(), port2, serverProps,
+ javaProps});
+
+ if (!prepareClientsForOps(gen, cGen, new OperationCode[] {
+ OperationCode.PUT, OperationCode.PUT}, new OperationCode[] {
+ OperationCode.GET, OperationCode.GET}, javaProps, authInit, port1,
+ port2, Boolean.FALSE, Boolean.TRUE)) {
+ continue;
+ }
+ verifyPutsGets(false, true);
+
+ if (!prepareClientsForOps(gen, cGen, new OperationCode[] {
+ OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] {
+ OperationCode.DESTROY, OperationCode.DESTROY},
+ javaProps, authInit, port1, port2, Boolean.FALSE, Boolean.FALSE)) {
+ continue;
+ }
+ verifyContainsKeyDestroys(false, false);
+ }
+ }
+
+ // End Region: Tests
+
+ public void tearDown2() throws Exception {
+
+ super.tearDown2();
+ // close the clients first
+ client1.invoke(SecurityTestUtil.class, "closeCache");
+ client2.invoke(SecurityTestUtil.class, "closeCache");
+ SecurityTestUtil.closeCache();
+ // then close the servers
+ server1.invoke(SecurityTestUtil.class, "closeCache");
+ server2.invoke(SecurityTestUtil.class, "closeCache");
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
new file mode 100644
index 0000000..16573c2
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
@@ -0,0 +1,336 @@
+
+package com.gemstone.gemfire.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+import java.util.Properties;
+
+import templates.security.AuthzCredentialGenerator;
+import templates.security.CredentialGenerator;
+
+import com.gemstone.gemfire.DeltaTestImpl;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.NoAvailableServersException;
+import com.gemstone.gemfire.cache.client.ServerConnectivityException;
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.internal.cache.PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1;
+
+import dunit.Host;
+
+/**
+ * @since 6.1
+ */
+public class DeltaClientAuthorizationDUnitTest extends
+ ClientAuthorizationTestBase {
+
+ protected static final DeltaTestImpl[] deltas = new DeltaTestImpl[8];
+
+ static {
+ for (int i = 0; i < 8; i++) {
+ deltas[i] = new DeltaTestImpl(0, "0", new Double(0), new byte[0],
+ new TestObject1("0", 0));
+ }
+ deltas[1].setIntVar(5);
+ deltas[2].setIntVar(5);
+ deltas[3].setIntVar(5);
+ deltas[4].setIntVar(5);
+ deltas[5].setIntVar(5);
+ deltas[6].setIntVar(5);
+ deltas[7].setIntVar(5);
+
+ deltas[2].resetDeltaStatus();
+ deltas[2].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+ deltas[3].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+ deltas[4].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+ deltas[5].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+ //deltas[6].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+ //deltas[7].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
+
+ deltas[3].resetDeltaStatus();
+ deltas[3].setDoubleVar(new Double(5));
+ deltas[4].setDoubleVar(new Double(5));
+ deltas[5].setDoubleVar(new Double(5));
+ deltas[6].setDoubleVar(new Double(5));
+ deltas[7].setDoubleVar(new Double(5));
+
+ deltas[4].resetDeltaStatus();
+ deltas[4].setStr("str changed");
+ deltas[5].setStr("str changed");
+ deltas[6].setStr("str changed");
+ //deltas[7].setStr("str changed");
+
+ deltas[5].resetDeltaStatus();
+ deltas[5].setIntVar(100);
+ deltas[5].setTestObj(new TestObject1("CHANGED", 100));
+ deltas[6].setTestObj(new TestObject1("CHANGED", 100));
+ deltas[7].setTestObj(new TestObject1("CHANGED", 100));
+
+ deltas[6].resetDeltaStatus();
+ deltas[6].setByteArr(new byte[] { 1, 2, 3 });
+ deltas[7].setByteArr(new byte[] { 1, 2, 3 });
+
+ deltas[7].resetDeltaStatus();
+ deltas[7].setStr("delta string");
+
+ }
+
+ /** constructor */
+ public DeltaClientAuthorizationDUnitTest(String name) {
+ super(name);
+ }
+
+ public void setUp() throws Exception {
+ super.setUp();
+ final Host host = Host.getHost(0);
+ server1 = host.getVM(0);
+ server2 = host.getVM(1);
+ client1 = host.getVM(2);
+ client2 = host.getVM(3);
+
+ server1.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { serverExpectedExceptions });
+ server2.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { serverExpectedExceptions });
+ client2.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { clientExpectedExceptions });
+ SecurityTestUtil.registerExpectedExceptions(clientExpectedExceptions);
+ }
+
+ public void tearDown2() throws Exception {
+ super.tearDown2();
+ // close the clients first
+ client1.invoke(SecurityTestUtil.class, "closeCache");
+ client2.invoke(SecurityTestUtil.class, "closeCache");
+ SecurityTestUtil.closeCache();
+ // then close the servers
+ server1.invoke(SecurityTestUtil.class, "closeCache");
+ server2.invoke(SecurityTestUtil.class, "closeCache");
+ }
+
+ public void testAllowPutsGets() throws Exception {
+ AuthzCredentialGenerator gen = this.getXmlAuthzGenerator();
+ CredentialGenerator cGen = gen.getCredentialGenerator();
+ Properties extraAuthProps = cGen.getSystemProperties();
+ Properties javaProps = cGen.getJavaProperties();
+ Properties extraAuthzProps = gen.getSystemProperties();
+ String authenticator = cGen.getAuthenticator();
+ String authInit = cGen.getAuthInit();
+ String accessor = gen.getAuthorizationCallback();
+
+ getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit);
+ getLogWriter().info(
+ "testAllowPutsGets: Using authenticator: " + authenticator);
+ getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor);
+
+ // Start servers with all required properties
+ Properties serverProps = buildProperties(authenticator, accessor, false,
+ extraAuthProps, extraAuthzProps);
+ Integer port1 = ((Integer)server1.invoke(
+ ClientAuthorizationTestBase.class, "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), serverProps, javaProps }));
+ Integer port2 = ((Integer)server2.invoke(
+ ClientAuthorizationTestBase.class, "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), serverProps, javaProps }));
+
+ // Start client1 with valid CREATE credentials
+ Properties createCredentials = gen.getAllowedCredentials(
+ new OperationCode[] { OperationCode.PUT },
+ new String[] { regionName }, 1);
+ javaProps = cGen.getJavaProperties();
+ getLogWriter().info(
+ "testAllowPutsGets: For first client credentials: "
+ + createCredentials);
+ client1.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, createCredentials, javaProps, port1, port2,
+ null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Start client2 with valid GET credentials
+ Properties getCredentials = gen.getAllowedCredentials(
+ new OperationCode[] { OperationCode.GET },
+ new String[] { regionName }, 2);
+ javaProps = cGen.getJavaProperties();
+ getLogWriter()
+ .info(
+ "testAllowPutsGets: For second client credentials: "
+ + getCredentials);
+ client2.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, getCredentials, javaProps, port1, port2,
+ null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Perform some put operations from client1
+ client1.invoke(DeltaClientAuthorizationDUnitTest.class, "doPuts", new Object[] {
+ new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION), Boolean.FALSE });
+ Thread.sleep(5000);
+ assertTrue("Delta feature NOT used", (Boolean)client1.invoke(DeltaTestImpl.class, "toDeltaFeatureUsed"));
+
+ // Verify that the gets succeed
+ client2.invoke(DeltaClientAuthorizationDUnitTest.class, "doGets", new Object[] {
+ new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION), Boolean.FALSE });
+ }
+
+ public static void doPuts(Integer num, Integer expectedResult,
+ boolean newVals) {
+
+ assertTrue(num.intValue() <= SecurityTestUtil.keys.length);
+ Region region = null;
+ try {
+ region = SecurityTestUtil.getCache().getRegion(regionName);
+ assertNotNull(region);
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == SecurityTestUtil.OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing puts: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing puts", ex);
+ }
+ }
+ for (int index = 0; index < num.intValue(); ++index) {
+ region.put(SecurityTestUtil.keys[index], deltas[0]);
+ }
+ for (int index = 0; index < num.intValue(); ++index) {
+ try {
+ region.put(SecurityTestUtil.keys[index], deltas[index]);
+ if (expectedResult.intValue() != SecurityTestUtil.NO_EXCEPTION) {
+ fail("Expected a NotAuthorizedException while doing puts");
+ }
+ }
+ catch (NoAvailableServersException ex) {
+ if (expectedResult.intValue() == SecurityTestUtil.NO_AVAILABLE_SERVERS) {
+ getLogWriter().info(
+ "Got expected NoAvailableServers when doing puts: "
+ + ex.getCause());
+ continue;
+ }
+ else {
+ fail("Got unexpected exception when doing puts", ex);
+ }
+ }
+ catch (ServerConnectivityException ex) {
+ if ((expectedResult.intValue() == SecurityTestUtil.NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when doing puts: "
+ + ex.getCause());
+ continue;
+ }
+ if ((expectedResult.intValue() == SecurityTestUtil.AUTHREQ_EXCEPTION)
+ && (ex.getCause() instanceof AuthenticationRequiredException)) {
+ getLogWriter().info(
+ "Got expected AuthenticationRequiredException when doing puts: "
+ + ex.getCause());
+ continue;
+ }
+ if ((expectedResult.intValue() == SecurityTestUtil.AUTHFAIL_EXCEPTION)
+ && (ex.getCause() instanceof AuthenticationFailedException)) {
+ getLogWriter().info(
+ "Got expected AuthenticationFailedException when doing puts: "
+ + ex.getCause());
+ continue;
+ }
+ else if (expectedResult.intValue() == SecurityTestUtil.OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing puts: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing puts", ex);
+ }
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == SecurityTestUtil.OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing puts: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing puts", ex);
+ }
+ }
+ }
+ }
+
+ public static void doGets(Integer num, Integer expectedResult,
+ boolean newVals) {
+
+ assertTrue(num.intValue() <= SecurityTestUtil.keys.length);
+ Region region = null;
+ try {
+ region = SecurityTestUtil.getCache().getRegion(regionName);
+ assertNotNull(region);
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == SecurityTestUtil.OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing gets: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing gets", ex);
+ }
+ }
+ for (int index = 0; index < num.intValue(); ++index) {
+ Object value = null;
+ try {
+ try {
+ region.localInvalidate(SecurityTestUtil.keys[index]);
+ }
+ catch (Exception ex) {
+ }
+ value = region.get(SecurityTestUtil.keys[index]);
+ if (expectedResult.intValue() != SecurityTestUtil.NO_EXCEPTION) {
+ fail("Expected a NotAuthorizedException while doing gets");
+ }
+ }
+ catch(NoAvailableServersException ex) {
+ if(expectedResult.intValue() == SecurityTestUtil.NO_AVAILABLE_SERVERS) {
+ getLogWriter().info(
+ "Got expected NoAvailableServers when doing puts: "
+ + ex.getCause());
+ continue;
+ }
+ else {
+ fail("Got unexpected exception when doing puts", ex);
+ }
+ }
+ catch (ServerConnectivityException ex) {
+ if ((expectedResult.intValue() == SecurityTestUtil.NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when doing gets: "
+ + ex.getCause());
+ continue;
+ }
+ else if (expectedResult.intValue() == SecurityTestUtil.OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing gets: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing gets", ex);
+ }
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == SecurityTestUtil.OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing gets: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing gets", ex);
+ }
+ }
+ assertNotNull(value);
+ assertEquals(deltas[index], value);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
new file mode 100644
index 0000000..7cfa23d
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
@@ -0,0 +1,541 @@
+
+package com.gemstone.gemfire.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Random;
+
+import templates.security.AuthzCredentialGenerator;
+import templates.security.CredentialGenerator;
+
+import com.gemstone.gemfire.DeltaTestImpl;
+import com.gemstone.gemfire.cache.InterestResultPolicy;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.client.ServerConnectivityException;
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.cache.query.CqException;
+import com.gemstone.gemfire.cache.query.QueryInvocationTargetException;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.internal.util.Callable;
+
+import dunit.Host;
+import dunit.VM;
+
+/**
+ * @since 6.1
+ *
+ */
+public class DeltaClientPostAuthorizationDUnitTest extends
+ ClientAuthorizationTestBase {
+ private static final int PAUSE = 5 * 1000;
+
+ /** constructor */
+ public DeltaClientPostAuthorizationDUnitTest(String name) {
+ super(name);
+ }
+
+ public void setUp() throws Exception {
+
+ super.setUp();
+ final Host host = Host.getHost(0);
+ server1 = host.getVM(0);
+ server2 = host.getVM(1);
+ client1 = host.getVM(2);
+ client2 = host.getVM(3);
+
+ server1.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { serverExpectedExceptions });
+ server2.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { serverExpectedExceptions });
+ client2.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { clientExpectedExceptions });
+ SecurityTestUtil.registerExpectedExceptions(clientExpectedExceptions);
+ }
+
+ public void tearDown2() throws Exception {
+
+ super.tearDown2();
+ // close the clients first
+ client1.invoke(SecurityTestUtil.class, "closeCache");
+ client2.invoke(SecurityTestUtil.class, "closeCache");
+ SecurityTestUtil.closeCache();
+ // then close the servers
+ server1.invoke(SecurityTestUtil.class, "closeCache");
+ server2.invoke(SecurityTestUtil.class, "closeCache");
+ }
+
+ public void testPutPostOpNotifications() throws Exception {
+ addExpectedException("Unexpected IOException");
+ addExpectedException("SocketException");
+
+ OperationWithAction[] allOps = {
+ // Test CREATE and verify with a GET
+ new OperationWithAction(OperationCode.REGISTER_INTEREST,
+ OperationCode.GET, 2, OpFlags.USE_REGEX
+ | OpFlags.REGISTER_POLICY_NONE, 8),
+ new OperationWithAction(OperationCode.REGISTER_INTEREST,
+ OperationCode.GET, 3, OpFlags.USE_REGEX
+ | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
+ new OperationWithAction(OperationCode.PUT),
+ new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
+ | OpFlags.LOCAL_OP, 4),
+ new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN
+ | OpFlags.LOCAL_OP | OpFlags.CHECK_FAIL, 4),
+
+ // OPBLOCK_END indicates end of an operation block that needs to
+ // be executed on each server when doing failover
+ OperationWithAction.OPBLOCK_END,
+
+ // Test UPDATE and verify with a GET
+ new OperationWithAction(OperationCode.REGISTER_INTEREST,
+ OperationCode.GET, 2, OpFlags.USE_REGEX
+ | OpFlags.REGISTER_POLICY_NONE, 8),
+ new OperationWithAction(OperationCode.REGISTER_INTEREST,
+ OperationCode.GET, 3, OpFlags.USE_REGEX
+ | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
+ new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN
+ | OpFlags.USE_NEWVAL, 4),
+ new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
+ | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL, 4),
+ new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN
+ | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL | OpFlags.CHECK_FAIL, 4),
+
+ OperationWithAction.OPBLOCK_END };
+
+ AuthzCredentialGenerator gen = this.getXmlAuthzGenerator();
+ CredentialGenerator cGen = gen.getCredentialGenerator();
+ Properties extraAuthProps = cGen.getSystemProperties();
+ Properties javaProps = cGen.getJavaProperties();
+ Properties extraAuthzProps = gen.getSystemProperties();
+ String authenticator = cGen.getAuthenticator();
+ String authInit = cGen.getAuthInit();
+ String accessor = gen.getAuthorizationCallback();
+ TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
+
+ getLogWriter().info(
+ "testAllOpsNotifications: Using authinit: " + authInit);
+ getLogWriter().info(
+ "testAllOpsNotifications: Using authenticator: " + authenticator);
+ getLogWriter().info(
+ "testAllOpsNotifications: Using accessor: " + accessor);
+
+ // Start servers with all required properties
+ Properties serverProps = buildProperties(authenticator, accessor, true,
+ extraAuthProps, extraAuthzProps);
+ // Get ports for the servers
+ Integer port1 = new Integer(AvailablePort
+ .getRandomAvailablePort(AvailablePort.SOCKET));
+ Integer port2 = new Integer(AvailablePort
+ .getRandomAvailablePort(AvailablePort.SOCKET));
+
+ // Perform all the ops on the clients
+ List opBlock = new ArrayList();
+ Random rnd = new Random();
+ for (int opNum = 0; opNum < allOps.length; ++opNum) {
+ // Start client with valid credentials as specified in
+ // OperationWithAction
+ OperationWithAction currentOp = allOps[opNum];
+ if (currentOp.equals(OperationWithAction.OPBLOCK_END)
+ || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+ // End of current operation block; execute all the operations
+ // on the servers with failover
+ if (opBlock.size() > 0) {
+ // Start the first server and execute the operation block
+ server1.invoke(ClientAuthorizationTestBase.class,
+ "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), port1, serverProps,
+ javaProps });
+ server2.invoke(SecurityTestUtil.class, "closeCache");
+ executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps,
+ extraAuthzProps, tgen, rnd);
+ if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+ // Failover to the second server and run the block again
+ server2.invoke(ClientAuthorizationTestBase.class,
+ "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), port2, serverProps,
+ javaProps });
+ server1.invoke(SecurityTestUtil.class, "closeCache");
+ executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps,
+ extraAuthzProps, tgen, rnd);
+ }
+ opBlock.clear();
+ }
+ }
+ else {
+ currentOp.setOpNum(opNum);
+ opBlock.add(currentOp);
+ }
+ }
+ }
+
+ protected void executeOpBlock(List opBlock, Integer port1, Integer port2,
+ String authInit, Properties extraAuthProps, Properties extraAuthzProps,
+ TestCredentialGenerator gen, Random rnd) {
+ Iterator opIter = opBlock.iterator();
+ while (opIter.hasNext()) {
+ // Start client with valid credentials as specified in
+ // OperationWithAction
+ OperationWithAction currentOp = (OperationWithAction)opIter.next();
+ OperationCode opCode = currentOp.getOperationCode();
+ int opFlags = currentOp.getFlags();
+ int clientNum = currentOp.getClientNum();
+ VM clientVM = null;
+ boolean useThisVM = false;
+ switch (clientNum) {
+ case 1:
+ clientVM = client1;
+ break;
+ case 2:
+ clientVM = client2;
+ break;
+ case 3:
+ useThisVM = true;
+ break;
+ default:
+ fail("executeOpBlock: Unknown client number " + clientNum);
+ break;
+ }
+ getLogWriter().info(
+ "executeOpBlock: performing operation number ["
+ + currentOp.getOpNum() + "]: " + currentOp);
+ if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
+ Properties opCredentials;
+ int newRnd = rnd.nextInt(100) + 1;
+ String currentRegionName = '/' + regionName;
+ if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
+ currentRegionName += ('/' + subregionName);
+ }
+ String credentialsTypeStr;
+ OperationCode authOpCode = currentOp.getAuthzOperationCode();
+ int[] indices = currentOp.getIndices();
+ CredentialGenerator cGen = gen.getCredentialGenerator();
+ Properties javaProps = null;
+ if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0
+ || (opFlags & OpFlags.USE_NOTAUTHZ) > 0) {
+ opCredentials = gen.getDisallowedCredentials(
+ new OperationCode[] { authOpCode },
+ new String[] { currentRegionName }, indices, newRnd);
+ credentialsTypeStr = " unauthorized " + authOpCode;
+ }
+ else {
+ opCredentials = gen.getAllowedCredentials(new OperationCode[] {
+ opCode, authOpCode }, new String[] { currentRegionName },
+ indices, newRnd);
+ credentialsTypeStr = " authorized " + authOpCode;
+ }
+ if (cGen != null) {
+ javaProps = cGen.getJavaProperties();
+ }
+ Properties clientProps = SecurityTestUtil
+ .concatProperties(new Properties[] { opCredentials, extraAuthProps,
+ extraAuthzProps });
+ // Start the client with valid credentials but allowed or disallowed to
+ // perform an operation
+ getLogWriter().info(
+ "executeOpBlock: For client" + clientNum + credentialsTypeStr
+ + " credentials: " + opCredentials);
+ boolean setupDynamicRegionFactory = (opFlags & OpFlags.ENABLE_DRF) > 0;
+ if (useThisVM) {
+ createCacheClient(authInit, clientProps, javaProps, new Integer[] {
+ port1, port2 }, null, Boolean.valueOf(setupDynamicRegionFactory),
+ new Integer(SecurityTestUtil.NO_EXCEPTION));
+ }
+ else {
+ clientVM.invoke(ClientAuthorizationTestBase.class,
+ "createCacheClient", new Object[] { authInit, clientProps,
+ javaProps, new Integer[] { port1, port2 }, null,
+ Boolean.valueOf(setupDynamicRegionFactory),
+ new Integer(SecurityTestUtil.NO_EXCEPTION) });
+ }
+ }
+ int expectedResult;
+ if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
+ expectedResult = SecurityTestUtil.NOTAUTHZ_EXCEPTION;
+ }
+ else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
+ expectedResult = SecurityTestUtil.OTHER_EXCEPTION;
+ }
+ else {
+ expectedResult = SecurityTestUtil.NO_EXCEPTION;
+ }
+
+ // Perform the operation from selected client
+ if (useThisVM) {
+ doOp(new Byte(opCode.toOrdinal()), currentOp.getIndices(), new Integer(
+ opFlags), new Integer(expectedResult));
+ }
+ else {
+ clientVM.invoke(DeltaClientPostAuthorizationDUnitTest.class, "doOp",
+ new Object[] { new Byte(opCode.toOrdinal()),
+ currentOp.getIndices(), new Integer(opFlags),
+ new Integer(expectedResult) });
+ }
+ }
+ }
+
+ private static Region createSubregion(Region region) {
+
+ Region subregion = getSubregion();
+ if (subregion == null) {
+ subregion = region.createSubregion(subregionName, region.getAttributes());
+ }
+ return subregion;
+ }
+
+ public static void doOp(Byte opCode, int[] indices, Integer flagsI,
+ Integer expectedResult) {
+
+ OperationCode op = OperationCode.fromOrdinal(opCode.byteValue());
+ boolean operationOmitted = false;
+ final int flags = flagsI.intValue();
+ Region region = getRegion();
+// for (int i = 0; i < indices.length; i++) {
+// region.put(SecurityTestUtil.keys[i],
+// DeltaClientAuthorizationDUnitTest.deltas[i]);
+// }
+ if ((flags & OpFlags.USE_SUBREGION) > 0) {
+ assertNotNull(region);
+ Region subregion = null;
+ if ((flags & OpFlags.NO_CREATE_SUBREGION) > 0) {
+ if ((flags & OpFlags.CHECK_NOREGION) > 0) {
+ // Wait for some time for DRF update to come
+ SecurityTestUtil.waitForCondition(new Callable() {
+ public Object call() throws Exception {
+ return Boolean.valueOf(getSubregion() == null);
+ }
+ });
+ subregion = getSubregion();
+ assertNull(subregion);
+ return;
+ }
+ else {
+ // Wait for some time for DRF update to come
+ SecurityTestUtil.waitForCondition(new Callable() {
+ public Object call() throws Exception {
+ return Boolean.valueOf(getSubregion() != null);
+ }
+ });
+ subregion = getSubregion();
+ assertNotNull(subregion);
+ }
+ }
+ else {
+ subregion = createSubregion(region);
+ }
+ assertNotNull(subregion);
+ region = subregion;
+ }
+ else if ((flags & OpFlags.CHECK_NOREGION) > 0) {
+ // Wait for some time for region destroy update to come
+ SecurityTestUtil.waitForCondition(new Callable() {
+ public Object call() throws Exception {
+ return Boolean.valueOf(getRegion() == null);
+ }
+ });
+ region = getRegion();
+ assertNull(region);
+ return;
+ }
+ else {
+ assertNotNull(region);
+ }
+ final String[] keys = SecurityTestUtil.keys;
+ final DeltaTestImpl[] vals;
+ if ((flags & OpFlags.USE_NEWVAL) > 0) {
+ vals = DeltaClientAuthorizationDUnitTest.deltas;
+ }
+ else {
+ vals = DeltaClientAuthorizationDUnitTest.deltas;
+ }
+ InterestResultPolicy policy = InterestResultPolicy.KEYS_VALUES;
+ if ((flags & OpFlags.REGISTER_POLICY_NONE) > 0) {
+ policy = InterestResultPolicy.NONE;
+ }
+ final int numOps = indices.length;
+ getLogWriter().info(
+ "Got doOp for op: " + op.toString() + ", numOps: " + numOps
+ + ", indices: " + indicesToString(indices) + ", expect: " + expectedResult);
+ boolean exceptionOccured = false;
+ boolean breakLoop = false;
+ if (op.isGet()) {
+ try {
+ Thread.sleep(PAUSE);
+ }
+ catch (InterruptedException e) {
+ fail("interrupted");
+ }
+ }
+ for (int indexIndex = 0; indexIndex < numOps; ++indexIndex) {
+ if (breakLoop) {
+ break;
+ }
+ int index = indices[indexIndex];
+ try {
+ final Object key = keys[index];
+ final Object expectedVal = vals[index];
+ if (op.isGet()) {
+ Object value = null;
+ // this is the case for testing GET_ALL
+ if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
+ breakLoop = true;
+ List keyList = new ArrayList(numOps);
+ Object searchKey;
+ for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+ int keyNum = indices[keyNumIndex];
+ searchKey = keys[keyNum];
+ keyList.add(searchKey);
+ // local invalidate some keys to force fetch of those keys from
+ // server
+ if ((flags & OpFlags.CHECK_NOKEY) > 0) {
+ assertFalse(region.containsKey(searchKey));
+ }
+ else {
+ if (keyNumIndex % 2 == 1) {
+ assertTrue(region.containsKey(searchKey));
+ region.localInvalidate(searchKey);
+ }
+ }
+ }
+ Map entries = region.getAll(keyList);
+ for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+ int keyNum = indices[keyNumIndex];
+ searchKey = keys[keyNum];
+ if ((flags & OpFlags.CHECK_FAIL) > 0) {
+ assertFalse(entries.containsKey(searchKey));
+ }
+ else {
+ assertTrue(entries.containsKey(searchKey));
+ value = entries.get(searchKey);
+ assertEquals(vals[keyNum], value);
+ }
+ }
+ break;
+ }
+ if ((flags & OpFlags.LOCAL_OP) > 0) {
+ Callable cond = new Callable() {
+ private Region region;
+
+ public Object call() throws Exception {
+ Object value = SecurityTestUtil.getLocalValue(region, key);
+ return Boolean
+ .valueOf((flags & OpFlags.CHECK_FAIL) > 0 ? !expectedVal
+ .equals(value) : expectedVal.equals(value));
+ }
+
+ public Callable init(Region region) {
+ this.region = region;
+ return this;
+ }
+ }.init(region);
+ SecurityTestUtil.waitForCondition(cond);
+ value = SecurityTestUtil.getLocalValue(region, key);
+ }
+ else {
+ if ((flags & OpFlags.CHECK_NOKEY) > 0) {
+ assertFalse(region.containsKey(key));
+ }
+ else {
+ assertTrue(region.containsKey(key));
+ region.localInvalidate(key);
+ }
+ value = region.get(key);
+ }
+ if ((flags & OpFlags.CHECK_FAIL) > 0) {
+ assertFalse(expectedVal.equals(value));
+ }
+ else {
+ assertNotNull(value);
+ assertEquals(expectedVal, value);
+ }
+ }
+ else if (op.isPut()) {
+ region.put(key, expectedVal);
+ }
+ else if (op.isRegisterInterest()) {
+ if ((flags & OpFlags.USE_LIST) > 0) {
+ breakLoop = true;
+ // Register interest list in this case
+ List keyList = new ArrayList(numOps);
+ for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+ int keyNum = indices[keyNumIndex];
+ keyList.add(keys[keyNum]);
+ }
+ region.registerInterest(keyList, policy);
+ }
+ else if ((flags & OpFlags.USE_REGEX) > 0) {
+ breakLoop = true;
+ region.registerInterestRegex("key[1-" + numOps + ']', policy);
+ }
+ else if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
+ breakLoop = true;
+ region.registerInterest("ALL_KEYS", policy);
+ }
+ else {
+ region.registerInterest(key, policy);
+ }
+ }
+ else {
+ fail("doOp: Unhandled operation " + op);
+ }
+ if (expectedResult.intValue() != SecurityTestUtil.NO_EXCEPTION) {
+ if (!operationOmitted && !op.isUnregisterInterest()) {
+ fail("Expected an exception while performing operation op =" + op +
+ "flags = " + OpFlags.description(flags));
+ }
+ }
+ }
+ catch (Exception ex) {
+ exceptionOccured = true;
+ if ((ex instanceof ServerConnectivityException
+ || ex instanceof QueryInvocationTargetException || ex instanceof CqException)
+ && (expectedResult.intValue() == SecurityTestUtil.NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "doOp: Got expected NotAuthorizedException when doing operation ["
+ + op + "] with flags " + OpFlags.description(flags)
+ + ": " + ex.getCause());
+ continue;
+ }
+ else if (expectedResult.intValue() == SecurityTestUtil.OTHER_EXCEPTION) {
+ getLogWriter().info(
+ "doOp: Got expected exception when doing operation: "
+ + ex.toString());
+ continue;
+ }
+ else {
+ fail("doOp: Got unexpected exception when doing operation. Policy = "
+ + policy + " flags = " + OpFlags.description(flags), ex);
+ }
+ }
+ }
+ if (!exceptionOccured && !operationOmitted
+ && expectedResult.intValue() != SecurityTestUtil.NO_EXCEPTION) {
+ fail("Expected an exception while performing operation: " + op +
+ " flags = " + OpFlags.description(flags));
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java
new file mode 100644
index 0000000..0f83050
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java
@@ -0,0 +1,622 @@
+
+package com.gemstone.gemfire.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+import java.io.File;
+import java.util.Properties;
+
+import javax.net.ssl.SSLHandshakeException;
+
+import templates.security.CredentialGenerator;
+import templates.security.DummyCredentialGenerator;
+import templates.security.LdapUserCredentialGenerator;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.distributed.Locator;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.distributed.internal.membership.MembershipManager;
+import com.gemstone.gemfire.distributed.internal.membership.gms.MembershipManagerHelper;
+import com.gemstone.gemfire.internal.AvailablePort;
+
+import dunit.DistributedTestCase;
+import dunit.Host;
+import dunit.VM;
+
+/**
+ * Tests peer to peer authentication in Gemfire
+ *
+ * @author Yogesh Mahajan
+ * @since 5.5
+ */
+public class P2PAuthenticationDUnitTest extends DistributedTestCase {
+
+ private static VM locatorVM = null;
+
+ public static final String USER_NAME = "security-username";
+
+ public static final String PASSWORD = "security-password";
+
+ private static final String[] expectedExceptions = {
+ AuthenticationRequiredException.class.getName(),
+ AuthenticationFailedException.class.getName(),
+ GemFireSecurityException.class.getName(),
+ SSLHandshakeException.class.getName(),
+ ClassNotFoundException.class.getName(),
+ "Authentication failed for",
+ "Failed to obtain credentials"};
+
+ public P2PAuthenticationDUnitTest(String name) {
+ super(name);
+ }
+
+ public void setUp() throws Exception {
+
+ super.setUp();
+ final Host host = Host.getHost(0);
+ locatorVM = host.getVM(0);
+ }
+
+ private void setProperty(Properties props, String key, String value) {
+
+ if (key != null && value != null) {
+ props.setProperty(key, value);
+ }
+ }
+
+ /**
+ * Check that mcast-port setting for discovery or with locator are
+ * incompatible with security
+ */
+ public void testIllegalPropertyCombos() throws Exception {
+
+ int port = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ File logFile = new File(getUniqueName() + "-locator" + port + ".log");
+ Properties props = new Properties();
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "26753");
+ props.setProperty(DistributionConfig.LOCATORS_NAME,
+ DistributedTestCase.getIPLiteral() + "[" + port + "]");
+ props.setProperty(DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ "templates.security.UserPasswordAuthInit.create");
+ props.setProperty(DistributionConfig.ENABLE_CLUSTER_CONFIGURATION_NAME, "false");
+
+ try {
+ Locator.startLocatorAndDS(port, logFile, null, props);
+ fail("Expected an IllegalArgumentException while starting locator");
+ }
+ catch (IllegalArgumentException ex) {
+ // success
+ }
+
+ // Also try setting the authenticator
+ props = new Properties();
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "26753");
+ props.setProperty(DistributionConfig.LOCATORS_NAME,
+ DistributedTestCase.getIPLiteral() +"[" + port + "]");
+ props.setProperty(DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ "templates.security.LdapUserAuthenticator.create");
+ props.setProperty(DistributionConfig.ENABLE_CLUSTER_CONFIGURATION_NAME, "false");
+ try {
+ Locator.startLocatorAndDS(port, logFile, null, props);
+ fail("Expected an IllegalArgumentException while starting locator");
+ }
+ catch (IllegalArgumentException ex) {
+ // success
+ }
+
+ props = new Properties();
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "26753");
+ props.setProperty(DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ "templates.security.UserPasswordAuthInit.create");
+ try {
+ getSystem(props);
+ fail("Expected an IllegalArgumentException while connection to DS");
+ }
+ catch (IllegalArgumentException ex) {
+ // success
+ }
+
+ // Also try setting the authenticator
+ props = new Properties();
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "26753");
+ props.setProperty(DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ "templates.security.LdapUserAuthenticator.create");
+ try {
+ getSystem(props);
+ fail("Expected an IllegalArgumentException while connection to DS");
+ }
+ catch (IllegalArgumentException ex) {
+ // success
+ }
+ }
+
+ // AuthInitialize is incorrect
+ public void testP2PAuthenticationWithInvalidAuthInitialize() throws Exception {
+
+ disconnectAllFromDS();
+ CredentialGenerator gen = new DummyCredentialGenerator();
+ Properties props = gen.getSystemProperties();
+ Properties javaProps = gen.getJavaProperties();
+ String authenticator = gen.getAuthenticator();
+ if (props == null) {
+ props = new Properties();
+ }
+ String authInit = " Incorrect_AuthInitialize";
+ int port = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ final String locators = DistributedTestCase.getIPLiteral() + "[" + port + "]";
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ props.setProperty(DistributionConfig.LOCATORS_NAME, locators);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ authInit);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ authenticator);
+ locatorVM.invoke(SecurityTestUtil.class, "startLocator", new Object[]{
+ getUniqueName(), new Integer(port), props, javaProps,
+ expectedExceptions});
+
+ LogWriter dsLogger = createLogWriter(props);
+ SecurityTestUtil.addExpectedExceptions(expectedExceptions, dsLogger);
+ try {
+ new SecurityTestUtil("tmp").createSystem(props, null);
+ fail("AuthenticationFailedException was expected as the AuthInitialize object passed is incorrect");
+ } catch (AuthenticationFailedException expected) {
+ // success
+ } finally {
+ SecurityTestUtil.removeExpectedExceptions(expectedExceptions, dsLogger);
+ locatorVM.invoke(SecurityTestUtil.class, "stopLocator", new Object[]{
+ new Integer(port), expectedExceptions});
+ }
+
+ }
+
+ // Authenticator is incorrect
+ public void testP2PAuthenticationWithInvalidAuthenticator() throws Exception {
+ disconnectAllFromDS();
+ CredentialGenerator gen = new DummyCredentialGenerator();
+ Properties props = gen.getSystemProperties();
+ Properties javaProps = gen.getJavaProperties();
+ String authenticator = "xyz";
+ String authInit = gen.getAuthInit();
+ if (props == null) {
+ props = new Properties();
+ }
+ int port = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ final String locators = DistributedTestCase.getIPLiteral() +"["+port+"]";
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ props.setProperty(DistributionConfig.LOCATORS_NAME, locators);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ authInit);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ authenticator);
+ locatorVM.invoke(SecurityTestUtil.class, "startLocator", new Object[] {
+ getUniqueName(), new Integer(port), props, javaProps,
+ expectedExceptions });
+
+ LogWriter dsLogger = createLogWriter(props);
+ SecurityTestUtil.addExpectedExceptions(expectedExceptions, dsLogger);
+ try {
+ new SecurityTestUtil("tmp").createSystem(props, javaProps);
+ fail("AuthenticationFailedException was expected as the Authenticator object passed is incorrect");
+ }
+ catch (AuthenticationFailedException expected) {
+ // success
+ }
+ finally {
+ SecurityTestUtil.removeExpectedExceptions(expectedExceptions, dsLogger);
+ locatorVM.invoke(SecurityTestUtil.class, "stopLocator", new Object[] {
+ new Integer(port), expectedExceptions });
+ }
+ }
+
+ public void testP2PAuthenticationWithNoCredentials() throws Exception {
+
+ disconnectAllFromDS();
+
+ CredentialGenerator gen = new DummyCredentialGenerator();
+ Properties props = gen.getSystemProperties();
+ Properties javaProps = gen.getJavaProperties();
+ String authenticator = gen.getAuthenticator();
+ String authInit = gen.getAuthInit();
+ if (props == null) {
+ props = new Properties();
+ }
+ int port = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ final String locators = DistributedTestCase.getIPLiteral() +"["+port+"]";
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ props.setProperty(DistributionConfig.LOCATORS_NAME, locators);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ authInit);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ authenticator);
+ locatorVM.invoke(SecurityTestUtil.class, "startLocator", new Object[] {
+ getUniqueName(), new Integer(port), props, javaProps,
+ expectedExceptions });
+
+ LogWriter dsLogger = createLogWriter(props);
+ SecurityTestUtil.addExpectedExceptions(expectedExceptions, dsLogger);
+ try {
+ new SecurityTestUtil("tmp").createSystem(props, null);
+ fail("AuthenticationFailedException was expected as no credentials are set");
+ }
+ catch (AuthenticationFailedException expected) {
+ // success
+ }
+ finally {
+ SecurityTestUtil.removeExpectedExceptions(expectedExceptions, dsLogger);
+ locatorVM.invoke(SecurityTestUtil.class, "stopLocator", new Object[] {
+ new Integer(port), expectedExceptions });
+ }
+ }
+
+ public void testP2PAuthenticationWithValidCredentials() throws Exception {
+
+ disconnectAllFromDS();
+ CredentialGenerator gen = new DummyCredentialGenerator();
+ Properties props = gen.getSystemProperties();
+ String authenticator = gen.getAuthenticator();
+ String authInit = gen.getAuthInit();
+ if (props == null) {
+ props = new Properties();
+ }
+ int port = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ final String locators = DistributedTestCase.getIPLiteral() +"["+port+"]";
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ props.setProperty(DistributionConfig.LOCATORS_NAME, locators);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ authInit);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ authenticator);
+ Properties credentials = gen.getValidCredentials(1);
+ Properties javaProps = gen.getJavaProperties();
+ props.putAll(credentials);
+ locatorVM.invoke(SecurityTestUtil.class, "startLocator", new Object[] {
+ getUniqueName(), new Integer(port), props, javaProps,
+ expectedExceptions });
+ try {
+ createDS(props, javaProps);
+ verifyMembers(new Integer(2));
+ disconnectFromDS();
+
+ } finally {
+ locatorVM.invoke(SecurityTestUtil.class, "stopLocator", new Object[] {
+ new Integer(port), expectedExceptions });
+ }
+ }
+
+ public void testP2PAuthenticationWithBothValidAndInValidCredentials()
+ throws Exception {
+
+ disconnectAllFromDS();
+ addExpectedException("Authentication failed");
+
+ CredentialGenerator gen = new DummyCredentialGenerator();
+ Properties props = gen.getSystemProperties();
+ String authenticator = gen.getAuthenticator();
+ String authInit = gen.getAuthInit();
+ if (props == null) {
+ props = new Properties();
+ }
+ int port = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ final String locators = DistributedTestCase.getIPLiteral() +"["+port+"]";
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ props.setProperty(DistributionConfig.LOCATORS_NAME, locators);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ authInit);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ authenticator);
+ // valid credentials for locator
+ Properties credentials = gen.getValidCredentials(1);
+ Properties javaProps = gen.getJavaProperties();
+ props.putAll(credentials);
+ locatorVM.invoke(SecurityTestUtil.class, "startLocator", new Object[] {
+ getUniqueName(), new Integer(port), props, javaProps,
+ expectedExceptions });
+ try {
+ // invalid credentials for the peer
+ credentials = gen.getInvalidCredentials(1);
+ javaProps = gen.getJavaProperties();
+ props.putAll(credentials);
+
+ LogWriter dsLogger = createLogWriter(props);
+ SecurityTestUtil.addExpectedExceptions(expectedExceptions, dsLogger);
+ try {
+ new SecurityTestUtil("tmp").createSystem(props, javaProps);
+ fail("AuthenticationFailedException was expected as wrong credentials were passed");
+ }
+ catch (AuthenticationFailedException expected) {
+ // success
+ }
+ finally {
+ SecurityTestUtil.removeExpectedExceptions(expectedExceptions, dsLogger);
+ }
+
+ credentials = gen.getValidCredentials(3);
+ javaProps = gen.getJavaProperties();
+ props.putAll(credentials);
+ createDS(props, javaProps);
+ verifyMembers(new Integer(2));
+ disconnectFromDS();
+
+ } finally {
+ locatorVM.invoke(SecurityTestUtil.class, "stopLocator", new Object[] {
+ new Integer(port), expectedExceptions });
+ }
+ }
+
+ /**
+ * The strategy is to test view change reject by having two different
+ * authenticators on different VMs.
+ *
+ * Here locator will accept the credentials from peer2 but the first peer will
+ * reject them due to different authenticator. Hence the number of members
+ * reported by the first peer should be only two while others will report as
+ * three.
+ */
+ public void disabled_testP2PViewChangeReject() throws Exception {
+
+ disconnectAllFromDS();
+ final Host host = Host.getHost(0);
+ final VM peer2 = host.getVM(1);
+ final VM peer3 = host.getVM(2);
+
+ CredentialGenerator gen = new LdapUserCredentialGenerator();
+ gen.init();
+ Properties extraProps = gen.getSystemProperties();
+ String authenticator = gen.getAuthenticator();
+ String authInit = gen.getAuthInit();
+ if (extraProps == null) {
+ extraProps = new Properties();
+ }
+
+ CredentialGenerator gen2 = new DummyCredentialGenerator();
+ gen2.init();
+ Properties extraProps2 = gen2.getSystemProperties();
+ String authenticator2 = gen2.getAuthenticator();
+ if (extraProps2 == null) {
+ extraProps2 = new Properties();
+ }
+
+ // Start the locator with the LDAP authenticator
+ Properties props = new Properties();
+ int port = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ final String locators = DistributedTestCase.getIPLiteral() +"["+port+"]";
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ authInit);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ authenticator);
+ Properties credentials = gen.getValidCredentials(1);
+ Properties javaProps = gen.getJavaProperties();
+ props.putAll(credentials);
+ props.putAll(extraProps);
+ locatorVM.invoke(SecurityTestUtil.class, "startLocator", new Object[] {
+ getUniqueName(), new Integer(port), props, javaProps,
+ expectedExceptions });
+ try {
+
+ // Start the first peer with different authenticator
+ props = new Properties();
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ props.setProperty(DistributionConfig.LOCATORS_NAME, locators);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ authInit);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ authenticator2);
+ credentials = gen.getValidCredentials(3);
+ Properties javaProps2 = gen2.getJavaProperties();
+ props.putAll(credentials);
+ props.putAll(extraProps2);
+ createDS(props, javaProps2);
+
+ // Start the second peer with the same authenticator as locator
+ props = new Properties();
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ props.setProperty(DistributionConfig.LOCATORS_NAME, locators);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ authInit);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ authenticator);
+ credentials = gen.getValidCredentials(7);
+ javaProps = gen.getJavaProperties();
+ props.putAll(credentials);
+ props.putAll(extraProps);
+ peer2.invoke(P2PAuthenticationDUnitTest.class, "createDS", new Object[] {
+ props, javaProps });
+
+ // Start the third peer with the same authenticator as locator
+ peer3.invoke(P2PAuthenticationDUnitTest.class, "createDS", new Object[] {
+ props, javaProps });
+
+ // wait for view propagation
+ pause(2000);
+ // Verify the number of members on all peers and locator
+ locatorVM.invoke(P2PAuthenticationDUnitTest.class, "verifyMembers",
+ new Object[] { new Integer(4) });
+ verifyMembers(new Integer(2));
+ peer2.invoke(P2PAuthenticationDUnitTest.class, "verifyMembers",
+ new Object[] { new Integer(4) });
+ peer3.invoke(P2PAuthenticationDUnitTest.class, "verifyMembers",
+ new Object[] { new Integer(4) });
+
+ // Disconnect the first peer and check again
+ disconnectFromDS();
+ pause(2000);
+ locatorVM.invoke(P2PAuthenticationDUnitTest.class, "verifyMembers",
+ new Object[] { new Integer(3) });
+ peer2.invoke(P2PAuthenticationDUnitTest.class, "verifyMembers",
+ new Object[] { new Integer(3) });
+ peer3.invoke(P2PAuthenticationDUnitTest.class, "verifyMembers",
+ new Object[] { new Integer(3) });
+
+ // Disconnect the second peer and check again
+ peer2.invoke(DistributedTestCase.class, "disconnectFromDS");
+ pause(2000);
+ locatorVM.invoke(P2PAuthenticationDUnitTest.class, "verifyMembers",
+ new Object[] { new Integer(2) });
+ peer3.invoke(P2PAuthenticationDUnitTest.class, "verifyMembers",
+ new Object[] { new Integer(2) });
+
+ // Same for last peer
+ peer3.invoke(DistributedTestCase.class, "disconnectFromDS");
+ pause(2000);
+ locatorVM.invoke(P2PAuthenticationDUnitTest.class, "verifyMembers",
+ new Object[] { new Integer(1) });
+
+ } finally {
+ locatorVM.invoke(SecurityTestUtil.class, "stopLocator", new Object[] {
+ new Integer(port), expectedExceptions });
+ }
+ }
+
+ /**
+ * The strategy is to test credential size greater than UDP datagram size.
+ *
+ * @see Bug # 38570.
+ *
+ * Here locator will accept the credentials from peer2 and the large credential
+ * from the first peer. Number of members in the DS
+ * should be four
+ */
+ public void testP2PLargeCredentialSucceeds() throws Exception {
+
+ disconnectAllFromDS();
+ final Host host = Host.getHost(0);
+ final VM peer2 = host.getVM(1);
+ final VM peer3 = host.getVM(2);
+
+ CredentialGenerator gen = new DummyCredentialGenerator();
+ gen.init();
+ Properties extraProps = gen.getSystemProperties();
+ String authenticator = gen.getAuthenticator();
+ String authInit = "templates.security.UserPasswordWithExtraPropsAuthInit.create";
+ if (extraProps == null) {
+ extraProps = new Properties();
+ }
+
+ // Start the locator with the Dummy authenticator
+ Properties props = new Properties();
+ int port = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ final String locators = DistributedTestCase.getIPLiteral() +"["+port+"]";
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ authInit);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ authenticator);
+ Properties credentials = gen.getValidCredentials(1);
+ Properties javaProps = gen.getJavaProperties();
+ props.putAll(credentials);
+ props.putAll(extraProps);
+ locatorVM.invoke(SecurityTestUtil.class, "startLocator", new Object[] {
+ getUniqueName(), new Integer(port), props, javaProps,
+ expectedExceptions });
+ try {
+
+ // Start the first peer with huge credentials
+ props = new Properties();
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ props.setProperty(DistributionConfig.LOCATORS_NAME, locators);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ authInit);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ authenticator);
+ credentials = gen.getValidCredentials(3);
+ javaProps = gen.getJavaProperties();
+ String hugeStr = "20KString";
+ for (int i = 0; i <= 20000; i++) {
+ hugeStr += "A";
+ }
+ credentials.setProperty("security-keep-extra-props", "-");
+ credentials.setProperty("security-hugeentryone", hugeStr);
+ credentials.setProperty("security-hugeentrytwo", hugeStr);
+ credentials.setProperty("security-hugeentrythree", hugeStr);
+
+ props.putAll(credentials);
+ props.putAll(extraProps);
+
+ LogWriter dsLogger = createLogWriter(props);
+ SecurityTestUtil.addExpectedExceptions(
+ new String[] { IllegalArgumentException.class.getName() }, dsLogger);
+ try {
+ createDS(props, javaProps);
+// fail("AuthenticationFailedException was expected as credentials were passed beyond 50k");
+ }
+ finally {
+ SecurityTestUtil.removeExpectedExceptions(
+ new String[] { IllegalArgumentException.class.getName() }, dsLogger);
+ }
+
+ // Start the second peer with the same authenticator as locator
+ props = new Properties();
+ props.setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ props.setProperty(DistributionConfig.LOCATORS_NAME, locators);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTH_INIT_NAME,
+ authInit);
+ setProperty(props, DistributionConfig.SECURITY_PEER_AUTHENTICATOR_NAME,
+ authenticator);
+ credentials = gen.getValidCredentials(7);
+ javaProps = gen.getJavaProperties();
+ props.putAll(credentials);
+ props.putAll(extraProps);
+ peer2.invoke(P2PAuthenticationDUnitTest.class, "createDS", new Object[] {
+ props, javaProps });
+
+ // Start the third peer with the same authenticator as locator
+ peer3.invoke(P2PAuthenticationDUnitTest.class, "createDS", new Object[] {
+ props, javaProps });
+
+ // wait for view propagation
+ pause(2000);
+ // Verify the number of members on all peers and locator
+ locatorVM.invoke(P2PAuthenticationDUnitTest.class, "verifyMembers",
+ new Object[] { new Integer(4) });
+ peer2.invoke(P2PAuthenticationDUnitTest.class, "verifyMembers",
+ new Object[] { new Integer(4) });
+ peer3.invoke(P2PAuthenticationDUnitTest.class, "verifyMembers",
+ new Object[] { new Integer(4) });
+
+
+ // Disconnect the peers
+ disconnectFromDS();
+ peer2.invoke(DistributedTestCase.class, "disconnectFromDS");
+ peer3.invoke(DistributedTestCase.class, "disconnectFromDS");
+
+ } finally {
+ // Stopping the locator
+ locatorVM.invoke(SecurityTestUtil.class, "stopLocator", new Object[] {
+ new Integer(port), expectedExceptions });
+ }
+ }
+
+ public static void createDS(Properties props, Object javaProps) {
+
+ SecurityTestUtil tmpUtil = new SecurityTestUtil("tmp");
+ tmpUtil.createSystem(props, (Properties)javaProps);
+ }
+
+ public static void verifyMembers(Integer numExpectedMembers) {
+
+ DistributedSystem ds = InternalDistributedSystem.getAnyInstance();
+ MembershipManager mgr = MembershipManagerHelper
+ .getMembershipManager(ds);
+ assertEquals(numExpectedMembers.intValue(), mgr.getView().size());
+ }
+
+}