You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2016/05/20 16:36:34 UTC
incubator-geode git commit: GEODE-17: add regionName in some of the
commands authorization
Repository: incubator-geode
Updated Branches:
refs/heads/develop f05e87d27 -> 8a3c351ab
GEODE-17: add regionName in some of the commands authorization
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/8a3c351a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/8a3c351a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/8a3c351a
Branch: refs/heads/develop
Commit: 8a3c351abd971ba740e77364a431aee7d5cc5b10
Parents: f05e87d
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Thu May 19 10:39:16 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Fri May 20 09:36:10 2016 -0700
----------------------------------------------------------------------
.../internal/security/GeodeSecurityUtil.java | 4 +
.../CreateAlterDestroyRegionCommands.java | 5 +-
.../internal/cli/commands/DataCommands.java | 1 -
.../internal/cli/commands/IndexCommands.java | 32 +-
.../cli/functions/DataCommandFunction.java | 11 +-
.../support/MemberMXBeanAdapter.java | 654 -------------------
.../security/CliCommandsSecurityTest.java | 24 +-
.../security/GfshCommandsSecurityTest.java | 22 +-
.../internal/security/TestCommand.java | 9 +-
.../internal/security/cacheServer.json | 42 ++
10 files changed, 118 insertions(+), 686 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8a3c351a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index 322c59e..4eafada 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -173,6 +173,10 @@ public class GeodeSecurityUtil {
authorize("DATA", "READ");
}
+ public static void authorizeRegionManage(String regionName){
+ authorize("DATA", "MANAGE", regionName);
+ }
+
public static void authorizeRegionWrite(String regionName){
authorize("DATA", "WRITE", regionName);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8a3c351a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
index 06c096f..1e19861 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
@@ -52,6 +52,7 @@ import com.gemstone.gemfire.internal.ClassPathLoader;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.lang.StringUtils;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.management.DistributedRegionMXBean;
import com.gemstone.gemfire.management.DistributedSystemMXBean;
import com.gemstone.gemfire.management.ManagementService;
@@ -437,7 +438,6 @@ public class CreateAlterDestroyRegionCommands extends AbstractCommandsSupport {
@CliCommand (value = CliStrings.ALTER_REGION, help = CliStrings.ALTER_REGION__HELP)
@CliMetaData (relatedTopic = CliStrings.TOPIC_GEMFIRE_REGION, writesToSharedConfiguration = true)
- @ResourceOperation(resource=Resource.DATA, operation = OperationCode.MANAGE)
public Result alterRegion(
@CliOption (key = CliStrings.ALTER_REGION__REGION,
mandatory = true,
@@ -531,6 +531,8 @@ public class CreateAlterDestroyRegionCommands extends AbstractCommandsSupport {
Result result = null;
XmlEntity xmlEntity = null;
+ GeodeSecurityUtil.authorizeRegionManage(regionPath);
+
try {
Cache cache = CacheFactory.getAnyInstance();
@@ -1003,6 +1005,7 @@ public class CreateAlterDestroyRegionCommands extends AbstractCommandsSupport {
mandatory = true,
help = CliStrings.DESTROY_REGION__REGION__HELP)
String regionPath) {
+
if (regionPath == null) {
return ResultBuilder.createInfoResult(CliStrings.DESTROY_REGION__MSG__SPECIFY_REGIONPATH_TO_DESTROY);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8a3c351a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
index fafea9a..778089e 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
@@ -1173,7 +1173,6 @@ public class DataCommands implements CommandMarker {
CliStrings.TOPIC_GEMFIRE_DATA, CliStrings.TOPIC_GEMFIRE_REGION })
@MultiStepCommand
@CliCommand(value = { CliStrings.QUERY }, help = CliStrings.QUERY__HELP)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.READ)
public Object query(
@CliOption(key = CliStrings.QUERY__QUERY, help = CliStrings.QUERY__QUERY__HELP, mandatory = true) final String query,
@CliOption(key = CliStrings.QUERY__STEPNAME, mandatory = false, help = "Step name", unspecifiedDefaultValue = CliStrings.QUERY__STEPNAME__DEFAULTVALUE) String stepName,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8a3c351a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
index 24f9f71..b863737 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
@@ -16,6 +16,17 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import static com.gemstone.gemfire.cache.operations.OperationContext.*;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeSet;
+
import com.gemstone.gemfire.SystemFailure;
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheFactory;
@@ -26,6 +37,7 @@ import com.gemstone.gemfire.cache.execute.ResultCollector;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.internal.cache.execute.AbstractExecution;
import com.gemstone.gemfire.internal.lang.StringUtils;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.management.cli.CliMetaData;
import com.gemstone.gemfire.management.cli.ConverterHint;
import com.gemstone.gemfire.management.cli.Result;
@@ -47,22 +59,11 @@ import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeSet;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
/**
* The IndexCommands class encapsulates all GemFire shell (Gfsh) commands related to indexes defined in GemFire.
* </p>
@@ -171,7 +172,6 @@ public class IndexCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.CREATE_INDEX, help = CliStrings.CREATE_INDEX__HELP)
@CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEMFIRE_REGION, CliStrings.TOPIC_GEMFIRE_DATA}, writesToSharedConfiguration=true)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
//TODO : Add optionContext for indexName
public Result createIndex(
@CliOption (key = CliStrings.CREATE_INDEX__NAME,
@@ -205,7 +205,8 @@ public class IndexCommands extends AbstractCommandsSupport {
Result result = null;
XmlEntity xmlEntity = null;
-
+
+ GeodeSecurityUtil.authorizeRegionManage(regionPath);
try {
final Cache cache = CacheFactory.getAnyInstance();
@@ -458,7 +459,6 @@ public class IndexCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.DEFINE_INDEX, help = CliStrings.DEFINE_INDEX__HELP)
@CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEMFIRE_REGION, CliStrings.TOPIC_GEMFIRE_DATA}, writesToSharedConfiguration=true)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
//TODO : Add optionContext for indexName
public Result defineIndex(
@CliOption (key = CliStrings.DEFINE_INDEX_NAME,
@@ -482,6 +482,8 @@ public class IndexCommands extends AbstractCommandsSupport {
Result result = null;
XmlEntity xmlEntity = null;
+
+ GeodeSecurityUtil.authorizeRegionManage(regionPath);
int idxType = IndexInfo.RANGE_INDEX;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8a3c351a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java
index b4e7340..ace24f2 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java
@@ -26,8 +26,6 @@ import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
-import org.apache.logging.log4j.Logger;
-
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheClosedException;
import com.gemstone.gemfire.cache.CacheFactory;
@@ -59,6 +57,7 @@ import com.gemstone.gemfire.internal.InternalEntity;
import com.gemstone.gemfire.internal.NanoTimer;
import com.gemstone.gemfire.internal.cache.PartitionedRegion;
import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.management.cli.Result;
import com.gemstone.gemfire.management.internal.cli.CliUtil;
import com.gemstone.gemfire.management.internal.cli.commands.DataCommands;
@@ -77,6 +76,8 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.cli.util.JsonUtil;
import com.gemstone.gemfire.pdx.PdxInstance;
+
+import org.apache.logging.log4j.Logger;
import org.json.JSONArray;
/***
@@ -912,6 +913,12 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnt
CompiledValue compiledQuery = compiler.compileQuery(query);
Set<String> regions = new HashSet<String>();
compiledQuery.getRegionsInQuery(regions, null);
+
+ // authorize data read on these regions
+ for(String region:regions){
+ GeodeSecurityUtil.authorizeRegionRead(region);
+ }
+
regionsInQuery = Collections.unmodifiableSet(regions);
if (regionsInQuery.size() > 0) {
Set<DistributedMember> members = DataCommands.getQueryRegionsAssociatedMembers(regionsInQuery, cache, false);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8a3c351a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/MemberMXBeanAdapter.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/MemberMXBeanAdapter.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/MemberMXBeanAdapter.java
deleted file mode 100644
index a3d4cd0..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/MemberMXBeanAdapter.java
+++ /dev/null
@@ -1,654 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.web.controllers.support;
-
-import java.util.Map;
-
-import com.gemstone.gemfire.management.GemFireProperties;
-import com.gemstone.gemfire.management.JVMMetrics;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.management.OSMetrics;
-
-/**
- * The MemberMXBeanAdapter class is an abstract adapter class to the MemberMXBean interface.
- * <p/>
- * @see com.gemstone.gemfire.management.MemberMXBean
- * @since 8.0
- */
-public class MemberMXBeanAdapter implements MemberMXBean {
-
- @Override
- public String showLog(final int numberOfLines) {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String viewLicense() { throw new UnsupportedOperationException("Not Implemented!"); }
-
- @Override
- public String[] compactAllDiskStores() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public boolean createManager() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public void shutDownMember() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public JVMMetrics showJVMMetrics() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public OSMetrics showOSMetrics() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String processCommand(final String commandString) {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String processCommand(final String commandString, final Map<String, String> env) {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String processCommand(final String commandString, final Map<String, String> env, final Byte[][] binaryData) {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String[] listDiskStores(final boolean includeRegionOwned) {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public GemFireProperties listGemFireProperties() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String getHost() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String getName() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String getId() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String getMember() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String[] getGroups() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getProcessId() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String status() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String getVersion() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public boolean isLocator() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getLockTimeout() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getLockLease() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public boolean isServer() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public boolean hasGatewaySender() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public boolean isManager() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public boolean isManagerCreated() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public boolean hasGatewayReceiver() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String getClassPath() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getCurrentTime() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getMemberUpTime() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getCpuUsage() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- @Deprecated
- public long getCurrentHeapSize() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- @Deprecated
- public long getMaximumHeapSize() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- @Deprecated
- public long getFreeHeapSize() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String[] fetchJvmThreads() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getFileDescriptorLimit() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getTotalFileDescriptorOpen() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalRegionCount() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getPartitionRegionCount() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String[] listRegions() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String[] getDiskStores() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String[] getRootRegionNames() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalRegionEntryCount() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalBucketCount() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalPrimaryBucketCount() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getGetsAvgLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getPutsAvgLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getPutAllAvgLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalMissCount() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalHitCount() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getGetsRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getPutsRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getPutAllRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getCreatesRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getDestroysRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getCacheWriterCallsAvgLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getCacheListenerCallsAvgLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalLoadsCompleted() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getLoadsAverageLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalNetLoadsCompleted() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getNetLoadsAverageLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalNetSearchCompleted() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getNetSearchAverageLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalDiskTasksWaiting() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getBytesSentRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getBytesReceivedRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String[] listConnectedGatewayReceivers() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String[] listConnectedGatewaySenders() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getNumRunningFunctions() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getFunctionExecutionRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getNumRunningFunctionsHavingResults() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalTransactionsCount() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getTransactionCommitsAvgLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTransactionCommittedTotalCount() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTransactionRolledBackTotalCount() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getTransactionCommitsRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getDiskReadsRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getDiskWritesRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getDiskFlushAvgLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalBackupInProgress() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalBackupCompleted() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getLockWaitsInProgress() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getTotalLockWaitTime() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalNumberOfLockService() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getTotalNumberOfGrantors() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getLockRequestQueues() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getLruEvictionRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getLruDestroyRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getInitialImagesInProgres() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getInitialImageTime() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getInitialImageKeysReceived() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getDeserializationAvgLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getDeserializationLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getDeserializationRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getSerializationAvgLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getSerializationLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getSerializationRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getPDXDeserializationRate() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getPDXDeserializationAvgLatency() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getTotalDiskUsage() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getNumThreads() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public double getLoadAverage() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getGarbageCollectionCount() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getGarbageCollectionTime() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getAverageReads() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public float getAverageWrites() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getJVMPauses() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getHostCpuUsage() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public boolean isCacheServer() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public String getRedundancyZone() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getRebalancesInProgress() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getReplyWaitsInProgress() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getReplyWaitsCompleted() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getVisibleNodes() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getOffHeapObjects() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getOffHeapMaxMemory() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getOffHeapFreeMemory() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getOffHeapUsedMemory() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public int getOffHeapFragmentation() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getOffHeapCompactionTime() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getMaxMemory() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getFreeMemory() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-
- @Override
- public long getUsedMemory() {
- throw new UnsupportedOperationException("Not Implemented!");
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8a3c351a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
index 0864e52..3ccd71c 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
@@ -16,13 +16,15 @@
*/
package com.gemstone.gemfire.management.internal.security;
-import static org.assertj.core.api.AssertionsForClassTypes.*;
+import static org.assertj.core.api.AssertionsForClassTypes.fail;
+import static org.junit.Assert.*;
import java.util.List;
import com.gemstone.gemfire.internal.AvailablePort;
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.management.MemberMXBean;
+import com.gemstone.gemfire.security.NotAuthorizedException;
import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import org.junit.Before;
@@ -58,14 +60,20 @@ public class CliCommandsSecurityTest {
@JMXConnectionConfiguration(user = "stranger", password = "1234567")
public void testNoAccess(){
for (TestCommand command:commands) {
+ // skip query commands since query commands are only available in client shell
+ if(command.getCommand().startsWith("query"))
+ continue;
LogService.getLogger().info("processing: "+command.getCommand());
- // for those commands that don't require any permission, any user can execute them
- if(command.getPermission()==null){
- bean.processCommand(command.getCommand());
- }
- else {
- assertThatThrownBy(() -> bean.processCommand(command.getCommand()))
- .hasMessageContaining(command.getPermission().toString());
+ // for those commands that requires a permission, we expect an exception to be thrown
+ if(command.getPermission()!=null){
+ try{
+ String result = bean.processCommand(command.getCommand());
+ fail(command.getCommand() + " has result: "+ result);
+ }
+ catch(NotAuthorizedException e){
+ assertTrue(e.getMessage()+" should contain "+command.getPermission(),
+ e.getMessage().contains(command.getPermission().toString()));
+ }
}
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8a3c351a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
index b21302e..1a15367 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
@@ -110,6 +110,24 @@ public class GfshCommandsSecurityTest {
runCommandsWithAndWithout("DATA:MANAGE");
}
+ @Test
+ @JMXConnectionConfiguration(user = "regionA-reader", password = "1234567")
+ public void testregionAReader() throws Exception{
+ runCommandsWithAndWithout("DATA:READ:RegionA");
+ }
+
+ @Test
+ @JMXConnectionConfiguration(user = "regionA-writer", password = "1234567")
+ public void testregionAWriter() throws Exception{
+ runCommandsWithAndWithout("DATA:WRITE:RegionA");
+ }
+
+ @Test
+ @JMXConnectionConfiguration(user = "regionA-manager", password = "1234567")
+ public void testregionAManager() throws Exception{
+ runCommandsWithAndWithout("DATA:MANAGE:RegionA");
+ }
+
private void runCommandsWithAndWithout(String permission) throws Exception{
List<TestCommand> allPermitted = TestCommand.getPermittedCommands(new WildcardPermission(permission, true));
@@ -148,7 +166,9 @@ public class GfshCommandsSecurityTest {
}
assertEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED, ((ErrorResultData) result.getResultData()).getErrorCode());
- assertTrue(result.getContent().toString().contains(other.getPermission().toString()));
+ String resultMessage = result.getContent().toString();
+ String permString = other.getPermission().toString();
+ assertTrue(resultMessage+" does not contain "+permString,resultMessage.contains(permString));
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8a3c351a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
index 667330c..4b482a9 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
@@ -33,6 +33,7 @@ public class TestCommand {
public static OperationContext regionARead = new ResourceOperationContext("DATA", "READ", "RegionA");
public static OperationContext regionAWrite = new ResourceOperationContext("DATA", "WRITE", "RegionA");
+ public static OperationContext regionAManage = new ResourceOperationContext("DATA", "MANAGE", "RegionA");
public static OperationContext clusterRead = new ResourceOperationContext("CLUSTER", "READ");
public static OperationContext clusterWrite = new ResourceOperationContext("CLUSTER", "WRITE");
@@ -91,7 +92,7 @@ public class TestCommand {
createTestCommand("export config --member=member1", clusterRead);
//CreateAlterDestroyRegionCommands
- createTestCommand("alter region --name=region1 --eviction-max=5000", dataManage);
+ createTestCommand("alter region --name=RegionA --eviction-max=5000", regionAManage);
createTestCommand("create region --name=region12 --type=REPLICATE", dataManage);
createTestCommand("destroy region --name=value", dataManage);
@@ -102,7 +103,7 @@ public class TestCommand {
createTestCommand("put --key=key1 --value=value1 --region=RegionA", regionAWrite);
createTestCommand("get --key=key1 --region=RegionA", regionARead);
createTestCommand("remove --region=RegionA", dataManage);
- createTestCommand("query --query='SELECT * FROM /RegionA'", dataRead);
+ createTestCommand("query --query='SELECT * FROM /RegionA'", regionARead);
createTestCommand("locate entry --key=k1 --region=RegionA", regionARead);
// Deploy commands
@@ -147,8 +148,8 @@ public class TestCommand {
//IndexCommands
createTestCommand("clear defined indexes", dataManage);
createTestCommand("create defined indexes", dataManage);
- createTestCommand("create index --name=myKeyIndex --expression=region1.Id --region=region1 --type=key", dataManage);
- createTestCommand("define index --name=myIndex1 --expression=exp1 --region=/exampleRegion", dataManage);
+ createTestCommand("create index --name=myKeyIndex --expression=region1.Id --region=RegionA --type=key", regionAManage);
+ createTestCommand("define index --name=myIndex1 --expression=exp1 --region=/RegionA", regionAManage);
createTestCommand("destroy index --member=server2", dataManage);
createTestCommand("list indexes", clusterRead);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8a3c351a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
index 638ae07..fbbda8d 100644
--- a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
@@ -82,6 +82,27 @@
"regions": "null,region1"
},
{
+ "name": "regionA-manage",
+ "operationsAllowed": [
+ "DATA:MANAGE"
+ ],
+ "regions": "RegionA"
+ },
+ {
+ "name": "regionA-write",
+ "operationsAllowed": [
+ "DATA:WRITE"
+ ],
+ "regions": "RegionA"
+ },
+ {
+ "name": "regionA-read",
+ "operationsAllowed": [
+ "DATA:READ"
+ ],
+ "regions": "RegionA"
+ },
+ {
"name": "secure-use",
"operationsAllowed": [
"DATA:READ",
@@ -183,6 +204,27 @@
"roles": [
"cluster-manage"
]
+ },
+ {
+ "name": "regionA-manager",
+ "password": "1234567",
+ "roles": [
+ "regionA-manage"
+ ]
+ },
+ {
+ "name": "regionA-writer",
+ "password": "1234567",
+ "roles": [
+ "regionA-write"
+ ]
+ },
+ {
+ "name": "regionA-reader",
+ "password": "1234567",
+ "roles": [
+ "regionA-read"
+ ]
}
]
}