Posted to commits@geode.apache.org by je...@apache.org on 2016/04/01 16:05:24 UTC
[3/3] incubator-geode git commit: GEODE-17: WIP adding security tests
for CLI commands
GEODE-17: WIP adding security tests for CLI commands
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/65635fe4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/65635fe4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/65635fe4
Branch: refs/heads/feature/GEODE-17-2
Commit: 65635fe4d67c09c822bed515b3672e25b689e6bb
Parents: 2a817e1
Author: Jens Deppe <jd...@pivotal.io>
Authored: Thu Mar 31 13:56:17 2016 -0700
Committer: Jens Deppe <jd...@pivotal.io>
Committed: Fri Apr 1 07:04:43 2016 -0700
----------------------------------------------------------------------
.../cache/operations/OperationContext.java | 2 +-
.../internal/cli/commands/ConfigCommands.java | 4 +-
.../cli/commands/DiskStoreCommands.java | 4 +-
...ExportImportSharedConfigurationCommands.java | 4 +-
.../cli/commands/MiscellaneousCommands.java | 18 +-
.../internal/cli/commands/PDXCommands.java | 4 +-
.../internal/cli/commands/QueueCommands.java | 2 +-
.../internal/cli/commands/StatusCommands.java | 2 +-
.../security/AllCliCommandsSecurityTest.java | 178 +++++++++++++++++++
.../security/MiscCommandsSecurityTest.java | 61 -------
.../security/PDXCommandsSecurityTest.java | 67 -------
.../security/QueueCommandsSecurityTest.java | 65 -------
.../security/ShellCommandsSecurityTest.java | 77 --------
.../security/StatusCommandsSecurityTest.java | 61 -------
.../security/WanCommandsSecurityTest.java | 113 ------------
.../internal/security/cacheServer.json | 14 +-
16 files changed, 209 insertions(+), 467 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java b/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
index f272fda..1708917 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
@@ -34,7 +34,7 @@ public abstract class OperationContext {
ASYNC_EVENT_QUEUE,
CLIENT,
CLIENT_SERVER,
- CLUSTER_CONFIGURTION,
+ CLUSTER_CONFIGURATION,
CONTINUOUS_QUERY,
DISKSTORE,
DISTRIBUTED_SYSTEM,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
index 735b522..d5350e0 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
@@ -83,7 +83,7 @@ public class ConfigCommands implements CommandMarker {
@CliCommand(value = { CliStrings.DESCRIBE_CONFIG }, help = CliStrings.DESCRIBE_CONFIG__HELP)
@CliMetaData(shellOnly = false, relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
- @ResourceOperation(resource = Resource.CLUSTER_CONFIGURTION, operation= OperationCode.LIST)
+ @ResourceOperation(resource = Resource.CLUSTER_CONFIGURATION, operation= OperationCode.LIST)
public Result describeConfig(
@CliOption (key = CliStrings.DESCRIBE_CONFIG__MEMBER,
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
@@ -197,7 +197,7 @@ public class ConfigCommands implements CommandMarker {
*/
@CliCommand(value = { CliStrings.EXPORT_CONFIG }, help = CliStrings.EXPORT_CONFIG__HELP)
@CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ConfigCommands$Interceptor", relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
- @ResourceOperation(resource = Resource.CLUSTER_CONFIGURTION, operation = OperationCode.EXPORT)
+ @ResourceOperation(resource = Resource.CLUSTER_CONFIGURATION, operation = OperationCode.EXPORT)
public Result exportConfig(
@CliOption(key = { CliStrings.EXPORT_CONFIG__MEMBER },
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
index acf4c20..82eeaf4 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
@@ -215,7 +215,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.LIST_DISK_STORE, help = CliStrings.LIST_DISK_STORE__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DISKSTORE })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
+ @ResourceOperation(resource = Resource.DISKSTORE, operation = OperationCode.LIST)
public Result listDiskStore() {
try {
Set<DistributedMember> dataMembers = getNormalMembers(getCache());
@@ -869,7 +869,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.DESCRIBE_DISK_STORE, help = CliStrings.DESCRIBE_DISK_STORE__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DISKSTORE })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
+ @ResourceOperation(resource = Resource.DISKSTORE, operation = OperationCode.LIST)
public Result describeDiskStore(@CliOption(key = CliStrings.DESCRIBE_DISK_STORE__MEMBER, mandatory = true, optionContext = ConverterHint.MEMBERIDNAME, help = CliStrings.DESCRIBE_DISK_STORE__MEMBER__HELP)
final String memberName,
@CliOption(key = CliStrings.DESCRIBE_DISK_STORE__NAME, mandatory = true, optionContext = ConverterHint.DISKSTORE_ALL, help = CliStrings.DESCRIBE_DISK_STORE__NAME__HELP)
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
index 19b93cf..a5316d8 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
@@ -64,7 +64,7 @@ public class ExportImportSharedConfigurationCommands extends AbstractCommandsSup
@CliCommand(value = { CliStrings.EXPORT_SHARED_CONFIG }, help = CliStrings.EXPORT_SHARED_CONFIG__HELP)
@CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ExportImportSharedConfigurationCommands$ExportInterceptor", readsSharedConfiguration=true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
- @ResourceOperation(resource = Resource.CLUSTER_CONFIGURTION, operation = OperationCode.EXPORT)
+ @ResourceOperation(resource = Resource.CLUSTER_CONFIGURATION, operation = OperationCode.EXPORT)
public Result exportSharedConfig(
@CliOption(key = { CliStrings.EXPORT_SHARED_CONFIG__FILE},
mandatory = true,
@@ -115,7 +115,7 @@ public class ExportImportSharedConfigurationCommands extends AbstractCommandsSup
@CliCommand(value = { CliStrings.IMPORT_SHARED_CONFIG }, help = CliStrings.IMPORT_SHARED_CONFIG__HELP)
@CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ExportImportSharedConfigurationCommands$ImportInterceptor", writesToSharedConfiguration=true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
- @ResourceOperation(resource = Resource.CLUSTER_CONFIGURTION, operation = OperationCode.IMPORT)
+ @ResourceOperation(resource = Resource.CLUSTER_CONFIGURATION, operation = OperationCode.IMPORT)
@SuppressWarnings("unchecked")
public Result importSharedConfig(
@CliOption(key = { CliStrings.IMPORT_SHARED_CONFIG__ZIP},
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
index 00ebf94..632c719 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
@@ -185,7 +185,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHUTDOWN, help = CliStrings.SHUTDOWN__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_LIFECYCLE },
interceptor = "com.gemstone.gemfire.management.internal.cli.commands.MiscellaneousCommands$Interceptor")
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.SHUTDOWN)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.MANAGE)
public Result shutdown(
@CliOption(key = CliStrings.SHUTDOWN__TIMEOUT, unspecifiedDefaultValue = DEFAULT_TIME_OUT,
help = CliStrings.SHUTDOWN__TIMEOUT__HELP) int userSpecifiedTimeout,
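Review bot: Mapping `shutdown` to `OperationCode.MANAGE` on `DISTRIBUTED_SYSTEM` puts it behind the same permission that the later hunks in this file give to `gc`, `netstat` and `change loglevel`, so a role granted MANAGE for routine tuning can also stop the cluster. The new AllCliCommandsSecurityTest in this commit has its `shutdown` entry commented out, and the deleted MiscCommandsSecurityTest was the only test that ran it, so no test checks that an unauthorised user is denied this command. If the coarse grouping is intended, say so next to the annotation, e.g. `// shutdown is deliberately covered by DISTRIBUTED_SYSTEM:MANAGE`, and add a denial test for it before this leaves WIP. The body of shutdown() lies outside the hunk, so any further check made there is not visible here.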
@@ -326,7 +326,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.GC, help = CliStrings.GC__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.GC)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.MANAGE)
public Result gc(
@CliOption(key = CliStrings.GC__GROUP, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.GC__GROUP__HELP)
String[] groups,
@@ -417,7 +417,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.NETSTAT, help = CliStrings.NETSTAT__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.NETSTAT)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.MANAGE)
//TODO : Verify the auto-completion for multiple values.
public Result netstat(
@CliOption(key = CliStrings.NETSTAT__MEMBER,
@@ -571,7 +571,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHOW_DEADLOCK, help = CliStrings.SHOW_DEADLOCK__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.SHOW_DEADLOCKS)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
public Result showDeadlock(
@CliOption(key = CliStrings.SHOW_DEADLOCK__DEPENDENCIES__FILE,
help = CliStrings.SHOW_DEADLOCK__DEPENDENCIES__FILE__HELP,
@@ -621,7 +621,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHOW_LOG, help = CliStrings.SHOW_LOG_HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.MEMBER, operation = OperationCode.SHOW_LOG)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
public Result showLog(
@CliOption(key = CliStrings.SHOW_LOG_MEMBER, optionContext = ConverterHint.ALL_MEMBER_IDNAME, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.SHOW_LOG_MEMBER_HELP, mandatory = true) String memberNameOrId,
@CliOption(key = CliStrings.SHOW_LOG_LINE_NUM, unspecifiedDefaultValue = "0", help = CliStrings.SHOW_LOG_LINE_NUM_HELP, mandatory = false) int numberOfLines) {
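Review bot: Moving `show log` from `Resource.MEMBER` with `SHOW_LOG` to `DISTRIBUTED_SYSTEM` with `LIST` lets any principal holding the generic list permission read member logs, and the next two hunks do the same for `export logs` and `export stack-traces`. Log files and thread dumps tend to hold more sensitive material than the metrics and deadlock summaries that now share this permission, and `exportLogs` takes a caller-supplied `dirName`, so it presumably writes files as well as reading them. If read-only monitoring roles are not meant to have log access, keep these three commands under a separate resource or operation code; otherwise document the decision at the annotation, e.g. `// log and stack-trace access is intentionally part of DISTRIBUTED_SYSTEM:LIST`. The method bodies are outside these hunks, so I cannot tell whether they apply any additional restriction.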
@@ -769,7 +769,7 @@ public class MiscellaneousCommands implements CommandMarker {
}
@CliCommand(value = CliStrings.EXPORT_LOGS, help = CliStrings.EXPORT_LOGS__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_SERVER, CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.MEMBER, operation = OperationCode.EXPORT_LOGS)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
public Result exportLogs(
@CliOption(key = CliStrings.EXPORT_LOGS__DIR,
help = CliStrings.EXPORT_LOGS__DIR__HELP, mandatory=true) String dirName,
@@ -991,7 +991,7 @@ public class MiscellaneousCommands implements CommandMarker {
*/
@CliCommand(value = CliStrings.EXPORT_STACKTRACE, help = CliStrings.EXPORT_STACKTRACE__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.MEMBER, operation = OperationCode.EXPORT_STACKTRACE)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
public Result exportStackTrace(
@CliOption(key = CliStrings.EXPORT_STACKTRACE__MEMBER,
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
@@ -1092,7 +1092,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHOW_METRICS, help = CliStrings.SHOW_METRICS__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_STATISTICS })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= OperationCode.SHOW_METRICS)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= OperationCode.LIST)
public Result showMetrics(
@CliOption(key = { CliStrings.SHOW_METRICS__MEMBER }, optionContext = ConverterHint.ALL_MEMBER_IDNAME, help = CliStrings.SHOW_METRICS__MEMBER__HELP) String memberNameOrId,
@CliOption(key = { CliStrings.SHOW_METRICS__REGION }, optionContext = ConverterHint.REGIONPATH, help = CliStrings.SHOW_METRICS__REGION__HELP) String regionName,
@@ -1996,7 +1996,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.CHANGE_LOGLEVEL, help = CliStrings.CHANGE_LOGLEVEL__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_CHANGELOGLEVEL })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALTER_RUNTIME)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.MANAGE)
public Result changeLogLevel(
@CliOption(key = CliStrings.CHANGE_LOGLEVEL__MEMBER, unspecifiedDefaultValue = "", help = CliStrings.CHANGE_LOGLEVEL__MEMBER__HELP) String[] memberIds,
@CliOption(key = CliStrings.CHANGE_LOGLEVEL__GROUPS, unspecifiedDefaultValue = "", help = CliStrings.CHANGE_LOGLEVEL__GROUPS__HELP) String[] grps,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
index d4b709b..1c3dd84 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
@@ -53,7 +53,7 @@ public class PDXCommands extends AbstractCommandsSupport{
@CliCommand (value = CliStrings.CONFIGURE_PDX, help = CliStrings.CONFIGURE_PDX__HELP)
@CliMetaData (relatedTopic = CliStrings.TOPIC_GEMFIRE_REGION, writesToSharedConfiguration = true)
- @ResourceOperation( resource=Resource.PDX, operation = OperationCode.CONFIGURE)
+ @ResourceOperation( resource=Resource.PDX, operation = OperationCode.MANAGE)
public Result configurePDX(
@CliOption (key = CliStrings.CONFIGURE_PDX__READ__SERIALIZED,
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
@@ -175,7 +175,7 @@ public class PDXCommands extends AbstractCommandsSupport{
@CliCommand (value = CliStrings.PDX_RENAME, help = CliStrings.PDX_RENAME__HELP)
@CliMetaData(shellOnly=true, relatedTopic={CliStrings.TOPIC_GEMFIRE_DISKSTORE})
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.RENAME)
+ @ResourceOperation(resource = Resource.PDX, operation = OperationCode.MANAGE)
public Result pdxRename(
@CliOption (key = CliStrings.PDX_RENAME_OLD,
mandatory=true,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
index 1693a37..f77c4c0 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
@@ -62,7 +62,7 @@ public class QueueCommands implements CommandMarker {
@CliCommand(value = CliStrings.CREATE_ASYNC_EVENT_QUEUE, help = CliStrings.CREATE_ASYNC_EVENT_QUEUE__HELP)
@CliMetaData(writesToSharedConfiguration = true)
- @ResourceOperation(resource = Resource.ASYNC_EVENT_QUEUE, operation = OperationCode.CREATE)
+ @ResourceOperation(resource = Resource.ASYNC_EVENT_QUEUE, operation = OperationCode.MANAGE)
public Result createAsyncEventQueue(
@CliOption(key = CliStrings.CREATE_ASYNC_EVENT_QUEUE__ID,
mandatory = true,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
index cab80fe..2671ba4 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
@@ -48,7 +48,7 @@ public class StatusCommands extends AbstractCommandsSupport implements CommandMa
@SuppressWarnings("unchecked")
@CliCommand (value = CliStrings.STATUS_SHARED_CONFIG, help = CliStrings.STATUS_SHARED_CONFIG_HELP)
@CliMetaData (relatedTopic = CliStrings.TOPIC_GEMFIRE_LOCATOR)
- @ResourceOperation(resource = Resource.CLUSTER_CONFIGURTION, operation = OperationCode.STATUS)
+ @ResourceOperation(resource = Resource.CLUSTER_CONFIGURATION, operation = OperationCode.STATUS)
public Result statusSharedConfiguration() {
final GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
final Set<DistributedMember> locators = new HashSet<DistributedMember>(cache.getDistributionManager().getAllHostedLocatorsWithSharedConfiguration().keySet());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
new file mode 100644
index 0000000..99364a4
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
@@ -0,0 +1,178 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal.security;
+
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.MemberMXBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.junit.Assert.assertNull;
+
+@Category(IntegrationTest.class)
+public class AllCliCommandsSecurityTest {
+ private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+
+ private MemberMXBean bean;
+
+ private static class Permission {
+ private final Resource resource;
+ private final OperationCode operationCode;
+
+ Permission(Resource resource, OperationCode operationCode) {
+ this.resource = resource;
+ this.operationCode = operationCode;
+ }
+
+ @Override
+ public String toString() {
+ String result = resource.toString() + ":" + operationCode.toString();
+ return result;
+ }
+ }
+
+ private static final Permission ASYNC_EVENT_QUEUE_MANAGE = new Permission(Resource.ASYNC_EVENT_QUEUE, OperationCode.MANAGE);
+ private static final Permission ASYNC_EVENT_QUEUE_LIST = new Permission(Resource.ASYNC_EVENT_QUEUE, OperationCode.LIST);
+ private static final Permission CLUSTER_CONFIGURATION_STATUS = new Permission(Resource.CLUSTER_CONFIGURATION, OperationCode.STATUS);
+ private static final Permission DISKSTORE_MANAGE = new Permission(Resource.DISKSTORE, OperationCode.MANAGE);
+ private static final Permission DISKSTORE_LIST = new Permission(Resource.DISKSTORE, OperationCode.LIST);
+ private static final Permission DISTRIBUTED_SYSTEM_ALL = new Permission(Resource.DISTRIBUTED_SYSTEM, OperationCode.ALL);
+ private static final Permission DISTRIBUTED_SYSTEM_LIST = new Permission(Resource.DISTRIBUTED_SYSTEM, OperationCode.LIST);
+ private static final Permission DISTRIBUTED_SYSTEM_MANAGE = new Permission(Resource.DISTRIBUTED_SYSTEM, OperationCode.MANAGE);
+ private static final Permission GATEWAY_MANAGE = new Permission(Resource.GATEWAY, OperationCode.MANAGE);
+ private static final Permission GATEWAY_LIST = new Permission(Resource.GATEWAY, OperationCode.LIST);
+ private static final Permission PDX_MANAGE = new Permission(Resource.PDX, OperationCode.MANAGE);
+
+ private Map<String, Permission> commandPermission = new HashMap<>();
+
+
+ public AllCliCommandsSecurityTest() {
+
+ // Config Commands
+ commandPermission.put("status cluster-config-service", CLUSTER_CONFIGURATION_STATUS);
+
+ // Diskstore Commands
+ commandPermission.put("backup disk-store --dir=foo", DISKSTORE_MANAGE);
+ commandPermission.put("list disk-stores", DISKSTORE_LIST);
+ commandPermission.put("create disk-store --name=foo --dir=bar", DISKSTORE_MANAGE);
+ commandPermission.put("compact disk-store --name=foo", DISKSTORE_MANAGE);
+ commandPermission.put("compact offline-disk-store --name=foo --disk-dirs=bar", DISKSTORE_MANAGE);
+ commandPermission.put("upgrade offline-disk-store --name=foo --disk-dirs=bar", DISKSTORE_MANAGE);
+ commandPermission.put("describe disk-store --name=foo --member=baz", DISKSTORE_LIST);
+ commandPermission.put("revoke missing-disk-store --id=foo", DISKSTORE_MANAGE);
+ commandPermission.put("show missing-disk-stores", DISKSTORE_MANAGE);
+ commandPermission.put("describe offline-disk-store --name=foo --disk-dirs=bar", DISKSTORE_LIST);
+ commandPermission.put("export offline-disk-store --name=foo --disk-dirs=bar --dir=baz", DISKSTORE_MANAGE);
+ commandPermission.put("validate offline-disk-store --name=foo --disk-dirs=bar", DISKSTORE_MANAGE);
+// commandPermission.put("alter offline-disk-store --name=foo --region=xyz --disk-dirs=bar", DISKSTORE_MANAGE);
+ commandPermission.put("destroy disk-store --name=foo", DISKSTORE_MANAGE);
+
+ // Misc Commands
+ commandPermission.put("change loglevel --loglevel=severe --member=server1", DISTRIBUTED_SYSTEM_MANAGE);
+ commandPermission.put("export logs --dir=data/logs", DISTRIBUTED_SYSTEM_LIST);
+ commandPermission.put("export stack-traces --file=stack.txt", DISTRIBUTED_SYSTEM_LIST);
+ commandPermission.put("gc", DISTRIBUTED_SYSTEM_MANAGE);
+ commandPermission.put("netstat --member=server1", DISTRIBUTED_SYSTEM_MANAGE);
+ commandPermission.put("show dead-locks --file=deadlocks.txt", DISTRIBUTED_SYSTEM_LIST);
+ commandPermission.put("show log --member=locator1 --lines=5", DISTRIBUTED_SYSTEM_LIST);
+ commandPermission.put("show metrics", DISTRIBUTED_SYSTEM_LIST);
+// commandPermission.put("shutdown", DISTRIBUTED_SYSTEM_MANAGE);
+
+ // PDX Commands
+ commandPermission.put("configure pdx --read-serialized=true", PDX_MANAGE);
+ commandPermission.put("pdx rename --old=com.gemstone --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1", PDX_MANAGE);
+
+ // Queue Commands
+ commandPermission.put("create async-event-queue --id=myAEQ --listener=myApp.myListener", ASYNC_EVENT_QUEUE_MANAGE);
+ commandPermission.put("list async-event-queues", ASYNC_EVENT_QUEUE_LIST);
+
+ // Shell Commands
+ commandPermission.put("connect", DISTRIBUTED_SYSTEM_ALL);
+ commandPermission.put("debug --state=on", DISTRIBUTED_SYSTEM_ALL);
+ commandPermission.put("describe connection", DISTRIBUTED_SYSTEM_ALL);
+ commandPermission.put("echo --string=\"Hello World!\"", DISTRIBUTED_SYSTEM_ALL);
+ commandPermission.put("encrypt password --password=value", DISTRIBUTED_SYSTEM_ALL);
+ commandPermission.put("version", DISTRIBUTED_SYSTEM_ALL);
+ commandPermission.put("sleep", DISTRIBUTED_SYSTEM_ALL);
+ commandPermission.put("sh ls", DISTRIBUTED_SYSTEM_ALL);
+ commandPermission.put("disconnect", DISTRIBUTED_SYSTEM_ALL);
+
+ // WAN Commands
+ commandPermission.put("create gateway-sender --id=sender1 --remote-distributed-system-id=2", GATEWAY_MANAGE);
+ commandPermission.put("start gateway-sender --id=sender1", GATEWAY_MANAGE);
+ commandPermission.put("pause gateway-sender --id=sender1", GATEWAY_MANAGE);
+ commandPermission.put("resume gateway-sender --id=sender1", GATEWAY_MANAGE);
+ commandPermission.put("stop gateway-sender --id=sender1", GATEWAY_MANAGE);
+ commandPermission.put("load-balance gateway-sender --id=sender1", GATEWAY_MANAGE);
+ commandPermission.put("list gateways", GATEWAY_LIST);
+ commandPermission.put("create gateway-receiver", GATEWAY_MANAGE);
+ commandPermission.put("start gateway-receiver", GATEWAY_MANAGE);
+ commandPermission.put("stop gateway-receiver", GATEWAY_MANAGE);
+ commandPermission.put("status gateway-receiver", GATEWAY_LIST);
+ }
+
+ @ClassRule
+ public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
+ jmxManagerPort, "cacheServer.json");
+
+ @Rule
+ public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
+
+ @Before
+ public void setUp() throws Exception {
+ bean = connectionRule.getProxyMBean(MemberMXBean.class);
+ }
+
+ @Test
+ @JMXConnectionConfiguration(user = "adminUser", password = "1234567")
+ public void testAdminUser() throws Exception {
+ for (String cmd : commandPermission.keySet()) {
+ try {
+ bean.processCommand(cmd);
+ } catch (Throwable t) {
+ assertNull(String.format("Error evaluating command: '%s'", cmd), t);
+ }
+ }
+ }
+
+ // dataUser has all the permissions granted, but not to region2 (only to region1)
+ @Test
+ @JMXConnectionConfiguration(user = "dataUser", password = "1234567")
+ public void testNoAccess(){
+ for (Map.Entry<String, Permission> e : commandPermission.entrySet()) {
+ try {
+ assertThatThrownBy(() -> bean.processCommand(e.getKey()))
+ .hasMessageStartingWith("Access Denied: Not authorized for " + e.getValue())
+ .isInstanceOf(SecurityException.class);
+ } catch (Throwable t) {
+ assertNull(String.format("Command should have failed: '%s'", e.getKey(), t));
+ }
+ }
+
+ }
+
+}
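Review bot: In `testNoAccess` the try/catch around `assertThatThrownBy` hides the real failure: the catch calls `assertNull(String.format("Command should have failed: '%s'", e.getKey(), t))`, where the misplaced parenthesis hands `t` to `String.format` as an unused argument and `assertNull` receives only the non-null message string. A command that was not denied, one denied with the wrong exception type, and one denied for a different permission therefore all fail with the same text and no cause, which makes an authorization regression hard to diagnose. Drop the try/catch and label the assertion instead by adding `.as("command '%s'", e.getKey())` directly after `assertThatThrownBy(...)`, before the `hasMessageStartingWith` and `isInstanceOf` checks. The comment above the test (`dataUser has all the permissions granted, but not to region2`) does not describe what the loop verifies and should be replaced by one stating which permissions cacheServer.json withholds from `dataUser`. `testAdminUser` has the same catch-`Throwable` shape and also never inspects the result returned by `processCommand`, so a command that reports an authorization error in its result rather than by throwing would still pass.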
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MiscCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MiscCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MiscCommandsSecurityTest.java
deleted file mode 100644
index 65eb801..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MiscCommandsSecurityTest.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-@Category(IntegrationTest.class)
-public class MiscCommandsSecurityTest {
- private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-
- private MemberMXBean bean;
-
- @ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
-
- @Rule
- public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
- @Before
- public void setUp() throws Exception {
- bean = connectionRule.getProxyMBean(MemberMXBean.class);
- }
-
- private static String[] commands = {};
-
- @JMXConnectionConfiguration(user = "superuser", password = "1234567")
- @Test
- public void testAllAccess(){
- bean.processCommand("change loglevel --loglevel=severe --members=server1");
- bean.processCommand("export logs --dir=data/logs");
- bean.processCommand("export stack-traces --file=stack.txt");
- bean.processCommand("gc");
- bean.processCommand("netstat --member=server1");
- bean.processCommand("show dead-locks --file=deadlocks.txt");
- bean.processCommand("show log --member=locator1 --lines=5");
- bean.processCommand("show metrics");
- bean.processCommand("shutdown");
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/PDXCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/PDXCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/PDXCommandsSecurityTest.java
deleted file mode 100644
index 721f29d..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/PDXCommandsSecurityTest.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-
-@Category(IntegrationTest.class)
-public class PDXCommandsSecurityTest {
- private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-
- private MemberMXBean bean;
-
- @ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
-
- @Rule
- public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
- @Before
- public void setUp() throws Exception {
- bean = connectionRule.getProxyMBean(MemberMXBean.class);
- }
-
- @JMXConnectionConfiguration(user = "superuser", password = "1234567")
- @Test
- public void testAllAccess(){
- bean.processCommand("configure pdx --read-serialized=true");
- bean.processCommand("pdx rename --old=com.gemstone --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1");
- }
-
- // stranger has no permission granted
- @JMXConnectionConfiguration(user = "stranger", password = "1234567")
- @Test
- public void testNoAccess(){
- assertThatThrownBy(() -> bean.processCommand("configure pdx --read-serialized=true"))
- .isInstanceOf(SecurityException.class)
- .hasMessageContaining("PDX:CONFIGURE");
- assertThatThrownBy(() -> bean.processCommand("pdx rename --old=com.gemstone --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1"))
- .isInstanceOf(SecurityException.class)
- .hasMessageContaining("DISTRIBUTED_SYSTEM:RENAME");
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/QueueCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/QueueCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/QueueCommandsSecurityTest.java
deleted file mode 100644
index e9baa41..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/QueueCommandsSecurityTest.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-
-@Category(IntegrationTest.class)
-public class QueueCommandsSecurityTest {
- private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-
- private MemberMXBean bean;
-
- @ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
-
- @Rule
- public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
- @Before
- public void setUp() throws Exception {
- bean = connectionRule.getProxyMBean(MemberMXBean.class);
- }
-
- @JMXConnectionConfiguration(user = "superuser", password = "1234567")
- @Test
- public void testAllAccess(){
- bean.processCommand("create async-event-queue --id=myAEQ --listener=myApp.myListener");
- bean.processCommand("list async-event-queues");
- }
-
- // stranger has no permission granted
- @JMXConnectionConfiguration(user = "stranger", password = "1234567")
- @Test
- public void testNoAccess(){
- assertThatThrownBy(() -> bean.processCommand("create async-event-queue --id=myAEQ --listener=myApp.myListener"))
- .isInstanceOf(SecurityException.class).hasMessageContaining("ASYNC_EVENT_QUEUE:CREATE");
- assertThatThrownBy(() -> bean.processCommand("list async-event-queues"))
- .isInstanceOf(SecurityException.class).hasMessageContaining("ASYNC_EVENT_QUEUE:LIST");
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShellCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShellCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShellCommandsSecurityTest.java
deleted file mode 100644
index 4d08d1a..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ShellCommandsSecurityTest.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-
-@Category(IntegrationTest.class)
-public class ShellCommandsSecurityTest {
- private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-
- private MemberMXBean bean;
-
- @ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
-
- @Rule
- public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
- @Before
- public void setUp() throws Exception {
- bean = connectionRule.getProxyMBean(MemberMXBean.class);
- }
-
- @JMXConnectionConfiguration(user = "superuser", password = "1234567")
- @Test
- public void testAllAccess(){
- bean.processCommand("connect");
- bean.processCommand("debug --state=on");
- bean.processCommand("describe connection");
- bean.processCommand("echo --string=\"Hello World!\"");
- bean.processCommand("encrypt password --password=value");
- bean.processCommand("version");
- bean.processCommand("sleep");
- bean.processCommand("sh ls");
- bean.processCommand("disconnect");
- }
-
- // stranger has no permission granted
- @JMXConnectionConfiguration(user = "stranger", password = "1234567")
- @Test
- public void testNoAccess(){
- assertThatThrownBy(() -> bean.processCommand("connect")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
- assertThatThrownBy(() -> bean.processCommand("debug --state=on")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
- assertThatThrownBy(() -> bean.processCommand("describe connection")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
- assertThatThrownBy(() -> bean.processCommand("disconnect")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
- assertThatThrownBy(() -> bean.processCommand("echo --string=\"Hello World!\"")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
- assertThatThrownBy(() -> bean.processCommand("encrypt password --password=value")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
- assertThatThrownBy(() -> bean.processCommand("version")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
- assertThatThrownBy(() -> bean.processCommand("sleep")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
- assertThatThrownBy(() -> bean.processCommand("sh ls")).isInstanceOf(SecurityException.class).hasMessageContaining("DISTRIBUTED_SYSTEM:ALL");
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/StatusCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/StatusCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/StatusCommandsSecurityTest.java
deleted file mode 100644
index 10101dd..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/StatusCommandsSecurityTest.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-
-@Category(IntegrationTest.class)
-public class StatusCommandsSecurityTest {
- private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-
- private MemberMXBean bean;
-
- @ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
-
- @Rule
- public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
- @Before
- public void setUp() throws Exception {
- bean = connectionRule.getProxyMBean(MemberMXBean.class);
- }
-
- @JMXConnectionConfiguration(user = "superuser", password = "1234567")
- @Test
- public void testAllAccess(){
- bean.processCommand("status cluster-config-service");
- }
-
- // stranger has no permission granted
- @JMXConnectionConfiguration(user = "stranger", password = "1234567")
- @Test
- public void testNoAccess(){
- assertThatThrownBy(() -> bean.processCommand("status cluster-config-service")).isInstanceOf(SecurityException.class).hasMessageContaining("CLUSTER_CONFIGURTION:STATUS");
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/WanCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/WanCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/WanCommandsSecurityTest.java
deleted file mode 100644
index 8c73e8a..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/WanCommandsSecurityTest.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-
-@Category(IntegrationTest.class)
-public class WanCommandsSecurityTest {
- private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
-
- private MemberMXBean bean;
-
- @ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "cacheServer.json");
-
- @Rule
- public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
- @Before
- public void setUp() throws Exception {
- bean = connectionRule.getProxyMBean(MemberMXBean.class);
- }
-
- @Test
- @JMXConnectionConfiguration(user = "adminUser", password = "1234567")
- public void testAdminUser() throws Exception {
- bean.processCommand("create gateway-sender --id=sender1 --remote-distributed-system-id=2");
- bean.processCommand("start gateway-sender --id=sender1");
- bean.processCommand("pause gateway-sender --id=sender1");
- bean.processCommand("resume gateway-sender --id=sender1");
- bean.processCommand("stop gateway-sender --id=sender1");
- bean.processCommand("load-balance gateway-sender --id=sender1");
- bean.processCommand("list gateways");
- bean.processCommand("create gateway-receiver");
- bean.processCommand("start gateway-receiver");
- bean.processCommand("stop gateway-receiver");
- bean.processCommand("status gateway-receiver");
- }
-
- // dataUser has all the permissions granted, but not to region2 (only to region1)
- @Test
- @JMXConnectionConfiguration(user = "dataUser", password = "1234567")
- public void testNoAccess(){
- assertThatThrownBy(() -> bean.processCommand("create gateway-sender --id=sender1 --remote-distributed-system-id=2"))
- .isInstanceOf(SecurityException.class)
- .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
- assertThatThrownBy(() -> bean.processCommand("start gateway-sender --id=sender1"))
- .isInstanceOf(SecurityException.class)
- .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
- assertThatThrownBy(() -> bean.processCommand("pause gateway-sender --id=sender1"))
- .isInstanceOf(SecurityException.class)
- .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
- assertThatThrownBy(() -> bean.processCommand("resume gateway-sender --id=sender1"))
- .isInstanceOf(SecurityException.class)
- .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
- assertThatThrownBy(() -> bean.processCommand("stop gateway-sender --id=sender1"))
- .isInstanceOf(SecurityException.class)
- .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
- assertThatThrownBy(() -> bean.processCommand("load-balance gateway-sender --id=sender1"))
- .isInstanceOf(SecurityException.class)
- .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
- assertThatThrownBy(() -> bean.processCommand("list gateways"))
- .isInstanceOf(SecurityException.class)
- .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:LIST");
-
- assertThatThrownBy(() -> bean.processCommand("create gateway-receiver"))
- .isInstanceOf(SecurityException.class)
- .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
- assertThatThrownBy(() -> bean.processCommand("start gateway-receiver"))
- .isInstanceOf(SecurityException.class)
- .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
- assertThatThrownBy(() -> bean.processCommand("stop gateway-receiver"))
- .isInstanceOf(SecurityException.class)
- .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
-
- assertThatThrownBy(() -> bean.processCommand("status gateway-receiver"))
- .isInstanceOf(SecurityException.class)
- .hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:LIST");
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/65635fe4/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
index 0f8df37..dc613e0 100644
--- a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
@@ -3,8 +3,17 @@
{
"name": "admin",
"operationsAllowed": [
+ "ASYNC_EVENT_QUEUE:LIST",
+ "ASYNC_EVENT_QUEUE:MANAGE",
+ "CLUSTER_CONFIGURATION:STATUS",
+ "DISKSTORE:LIST",
+ "DISKSTORE:MANAGE",
+ "DISTRIBUTED_SYSTEM:ALL",
+ "DISTRIBUTED_SYSTEM:LIST",
+ "DISTRIBUTED_SYSTEM:MANAGE",
"GATEWAY:LIST",
- "GATEWAY:MANAGE"
+ "GATEWAY:MANAGE",
+ "PDX:MANAGE"
]
},
{
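Review bot: The `admin` role in this first hunk now holds `"DISTRIBUTED_SYSTEM:ALL"` alongside `"DISTRIBUTED_SYSTEM:LIST"` and `"DISTRIBUTED_SYSTEM:MANAGE"`, plus new grants for async event queues, cluster configuration, disk stores and PDX, so an allowed-case test run under this role cannot show which permission a command actually checks. The per-command tests this commit deletes pinned the exact denied permission (for example `GATEWAY:MANAGE` versus `GATEWAY:LIST`). The consolidated test is not visible here; if it uses this role for its allowed cases, it should keep one denied-case assertion per command, run as a user who lacks only that grant. A narrower alternative is to leave `admin` with its two gateway grants and put the new entries in a separate role with its own `"operationsAllowed"` list. The enclosing roles array starts and ends outside this hunk.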
@@ -43,7 +52,7 @@
"MANAGER:SET_PULSE_URL",
"MANAGER:START",
"MANAGER:STOP",
- "CLUSTER_CONFIGURTION:STATUS",
+ "CLUSTER_CONFIGURATION:STATUS",
"DISTRIBUTED_SYSTEM:ALL",
"DISTRIBUTED_SYSTEM:RENAME",
"DISTRIBUTED_SYSTEM:GC",
@@ -72,7 +81,6 @@
{
"name": "dataUsers",
"operationsAllowed": [
- "DISTRIBUTED_SYSTEM:LIST",
"REGION:GET",
"REGION:REBALANCE",
"REGION:EXPORT",