You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2016/03/16 18:25:00 UTC
incubator-geode git commit: GEODE-17: All JMX Bean access needs
JMX:GET permission
Repository: incubator-geode
Updated Branches:
refs/heads/feature/GEODE-17-2 ce4dd4ef7 -> 2f709ffea
GEODE-17: All JMX Bean access needs JMX:GET permission
* added the ResourceOperation annotation to all JMXBean classes
* fix the tests
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/2f709ffe
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/2f709ffe
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/2f709ffe
Branch: refs/heads/feature/GEODE-17-2
Commit: 2f709ffea12ee7f0a9c662f99c8686b7d4ed0293
Parents: ce4dd4e
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Wed Mar 16 10:24:27 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Wed Mar 16 10:24:27 2016 -0700
----------------------------------------------------------------------
.../management/AsyncEventQueueMXBean.java | 4 ++
.../gemfire/management/CacheServerMXBean.java | 2 +-
.../gemfire/management/DiskStoreMXBean.java | 1 +
.../DistributedLockServiceMXBean.java | 8 +++-
.../management/DistributedRegionMXBean.java | 4 ++
.../management/DistributedSystemMXBean.java | 1 +
.../management/GatewayReceiverMXBean.java | 2 +-
.../gemfire/management/GatewaySenderMXBean.java | 2 +-
.../gemfire/management/LocatorMXBean.java | 4 ++
.../gemfire/management/LockServiceMXBean.java | 4 +-
.../gemfire/management/ManagerMXBean.java | 1 +
.../gemfire/management/MemberMXBean.java | 5 +--
.../gemfire/management/RegionMXBean.java | 4 ++
.../management/internal/security/Resource.java | 1 +
.../security/AccessControlMBeanJUnitTest.java | 2 +-
.../CacheServerMBeanAuthorizationJUnitTest.java | 32 ++++++++--------
.../GatewaySenderMBeanSecurityTest.java | 14 +++----
.../LockServiceMBeanAuthorizationJUnitTest.java | 15 +++++---
.../security/MemberMBeanSecurityJUnitTest.java | 39 +++++++++++++-------
.../internal/security/cacheServer.json | 4 +-
20 files changed, 94 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
index b4445ac..b69206b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
@@ -17,6 +17,9 @@
package com.gemstone.gemfire.management;
import com.gemstone.gemfire.cache.asyncqueue.AsyncEventQueue;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* MBean that provides access to an {@link AsyncEventQueue}.
@@ -25,6 +28,7 @@ import com.gemstone.gemfire.cache.asyncqueue.AsyncEventQueue;
* @since 7.0
*
*/
+@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET)
public interface AsyncEventQueueMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
index 48148f1..4f4f02c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
@@ -57,7 +57,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
* @since 7.0
*
*/
-@ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation=OperationCode.LIST_DS)
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
public interface CacheServerMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
index f30a613..e23bc12 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
@@ -31,6 +31,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
* @since 7.0
*
*/
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
public interface DiskStoreMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
index 8efa646..65d8f95 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
@@ -16,9 +16,12 @@
*/
package com.gemstone.gemfire.management;
-import java.util.Map;
-
+import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.distributed.DistributedLockService;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+
+import java.util.Map;
/**
* MBean that provides access to information for a named instance of {@link DistributedLockService}.
@@ -29,6 +32,7 @@ import com.gemstone.gemfire.distributed.DistributedLockService;
* @since 7.0
*
*/
+@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET)
public interface DistributedLockServiceMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
index 1de4712..9d1e739 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
@@ -20,7 +20,10 @@ import com.gemstone.gemfire.cache.CacheListener;
import com.gemstone.gemfire.cache.CacheWriter;
import com.gemstone.gemfire.cache.EvictionAlgorithm;
import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.cache.wan.GatewaySender;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* MBean that provides access to information and management functionality for a
@@ -30,6 +33,7 @@ import com.gemstone.gemfire.cache.wan.GatewaySender;
* @since 7.0
*
*/
+@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET)
public interface DistributedRegionMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
index 8af5df7..a53b3fb 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
@@ -74,6 +74,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
* @since 7.0
*
*/
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
public interface DistributedSystemMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
index 7e16123..68ab2fd 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
@@ -30,7 +30,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
* @since 7.0
*
*/
-
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
public interface GatewayReceiverMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
index 88f9fac..80d4ea8 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
@@ -28,7 +28,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
* @since 7.0
*
*/
-@ResourceOperation(resource = Resource.GATEWAY_SENDER, operation = OperationCode.GET)
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
public interface GatewaySenderMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java
index 96ffe0f..4412f0b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java
@@ -16,7 +16,10 @@
*/
package com.gemstone.gemfire.management;
+import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.distributed.Locator;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* MBean that provides access to information and management functionality for a
@@ -25,6 +28,7 @@ import com.gemstone.gemfire.distributed.Locator;
* @author rishim
* @since 7.0
*/
+@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET)
public interface LocatorMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
index f6a10a7..e733567 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
@@ -28,11 +28,11 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
* MBean that provides access to information and management functionality for a
* {@link DLockService}. Since any number of DLockService objects can be created
* by a member there may be 0 or more instances of this MBean available.
- *
- * @author rishim
+ *
* @since 7.0
*
*/
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
public interface LockServiceMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
index 8ae28c3..c65dc3e 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
@@ -32,6 +32,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
* @since 7.0
*
*/
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
public interface ManagerMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
index 4e95664..f36cc7c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
@@ -136,10 +136,10 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCo
* <td>Locator is Started in the VM</td>
* </tr>
* </table>
- *
- * @author rishim
+
* @since 7.0
*/
+@ResourceOperation(resource = Resource.JMX, operation = OperationCode.GET)
public interface MemberMXBean {
/**
@@ -283,7 +283,6 @@ public interface MemberMXBean {
/**
* Returns the status.
*/
- @ResourceOperation(resource = Resource.MEMBER, operation = OperationCode.STATUS)
public String status();
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java
index dbeb148..0b17f0f 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java
@@ -20,6 +20,9 @@ import com.gemstone.gemfire.cache.CacheListener;
import com.gemstone.gemfire.cache.CacheWriter;
import com.gemstone.gemfire.cache.EvictionAlgorithm;
import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* MBean that provides access to information and management functionality for a
@@ -31,6 +34,7 @@ import com.gemstone.gemfire.cache.Region;
* @since 7.0
*
*/
+@ResourceOperation(resource = Resource.JMX, operation = OperationContext.OperationCode.GET)
public interface RegionMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java
index 4570501..51018cd 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java
@@ -29,6 +29,7 @@ public enum Resource {
GATEWAY_RECEIVER,
GATEWAY_SENDER,
INDEX,
+ JMX,
LOCATOR,
LOCK_SERVICE,
MANAGER,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
index fef306a..6f8cfbf 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
@@ -51,7 +51,7 @@ public class AccessControlMBeanJUnitTest {
@Test
@JMXConnectionConfiguration(user = "user", password = "1234567")
public void testAnyAccess() throws Exception {
- assertThat(bean.authorize("DISTRIBUTED_SYSTEM", "LIST_DS")).isEqualTo(true);
+ assertThat(bean.authorize("JMX", "GET")).isEqualTo(true);
assertThat(bean.authorize("INDEX", "DESTROY")).isEqualTo(false);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
index 60a49ad..7fa36a3 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
@@ -48,14 +48,14 @@ public class CacheServerMBeanAuthorizationJUnitTest {
@Test
@JMXConnectionConfiguration(user = "superuser", password = "1234567")
public void testAllAccess() throws Exception {
- cacheServerMXBean.removeIndex("foo"); // "INDEX:DESTROY",
- cacheServerMXBean.executeContinuousQuery("bar"); // CONTNUOUS_QUERY:EXECUTE
- cacheServerMXBean.fetchLoadProbe(); // DISTRIBUTED_SYSTEM:LIST_DS
- cacheServerMXBean.getActiveCQCount(); // DISTRIBUTED_SYSTEM:LIST_DS
- cacheServerMXBean.stopContinuousQuery("bar"); // CONTINUOUS_QUERY:STOP
- cacheServerMXBean.closeAllContinuousQuery("bar"); // CONTINUOUS_QUERY:STOP
- cacheServerMXBean.isRunning(); // DISTRIBUTED_SYSTEM:LIST_DS
- cacheServerMXBean.showClientQueueDetails("foo"); // DISTRIBUTED_SYSTEM:LIST_DS
+ cacheServerMXBean.removeIndex("foo");
+ cacheServerMXBean.executeContinuousQuery("bar");
+ cacheServerMXBean.fetchLoadProbe();
+ cacheServerMXBean.getActiveCQCount();
+ cacheServerMXBean.stopContinuousQuery("bar");
+ cacheServerMXBean.closeAllContinuousQuery("bar");
+ cacheServerMXBean.isRunning();
+ cacheServerMXBean.showClientQueueDetails("foo");
}
@Test
@@ -69,13 +69,13 @@ public class CacheServerMBeanAuthorizationJUnitTest {
@Test
@JMXConnectionConfiguration(user = "stranger", password = "1234567")
public void testNoAccess() throws Exception {
- assertThatThrownBy(() -> cacheServerMXBean.removeIndex("foo")).isInstanceOf(SecurityException.class);
- assertThatThrownBy(() -> cacheServerMXBean.executeContinuousQuery("bar")).isInstanceOf(SecurityException.class);
- assertThatThrownBy(() -> cacheServerMXBean.fetchLoadProbe()).isInstanceOf(SecurityException.class);
- assertThatThrownBy(() -> cacheServerMXBean.getActiveCQCount()).isInstanceOf(SecurityException.class);
- assertThatThrownBy(() -> cacheServerMXBean.stopContinuousQuery("bar")).isInstanceOf(SecurityException.class);
- assertThatThrownBy(() -> cacheServerMXBean.closeAllContinuousQuery("bar")).isInstanceOf(SecurityException.class);
- assertThatThrownBy(() -> cacheServerMXBean.isRunning()).isInstanceOf(SecurityException.class);
- assertThatThrownBy(() -> cacheServerMXBean.showClientQueueDetails("bar")).isInstanceOf(SecurityException.class);
+ assertThatThrownBy(() -> cacheServerMXBean.removeIndex("foo")).isInstanceOf(SecurityException.class).hasMessageContaining("INDEX:DESTROY");
+ assertThatThrownBy(() -> cacheServerMXBean.executeContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("CONTINUOUS_QUERY:EXECUTE");
+ assertThatThrownBy(() -> cacheServerMXBean.fetchLoadProbe()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> cacheServerMXBean.getActiveCQCount()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> cacheServerMXBean.stopContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("ONTINUOUS_QUERY:STOP");
+ assertThatThrownBy(() -> cacheServerMXBean.closeAllContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("ONTINUOUS_QUERY:STOP");
+ assertThatThrownBy(() -> cacheServerMXBean.isRunning()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> cacheServerMXBean.showClientQueueDetails("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
index b553898..a934a09 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
@@ -88,13 +88,13 @@ public class GatewaySenderMBeanSecurityTest {
@Test
@JMXConnectionConfiguration(user = "stranger", password = "1234567")
public void testNoAccess() throws Exception {
- assertThatThrownBy(() -> bean.getAlertThreshold()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
- assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
- assertThatThrownBy(() -> bean.getBatchSize()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
- assertThatThrownBy(() -> bean.getMaximumQueueMemory()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
- assertThatThrownBy(() -> bean.getOrderPolicy()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
- assertThatThrownBy(() -> bean.isBatchConflationEnabled()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
- assertThatThrownBy(() -> bean.isManualStart()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:GET");
+ assertThatThrownBy(() -> bean.getAlertThreshold()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
+ assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
+ assertThatThrownBy(() -> bean.getBatchSize()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
+ assertThatThrownBy(() -> bean.getMaximumQueueMemory()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
+ assertThatThrownBy(() -> bean.getOrderPolicy()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
+ assertThatThrownBy(() -> bean.isBatchConflationEnabled()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
+ assertThatThrownBy(() -> bean.isManualStart()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
assertThatThrownBy(() -> bean.pause()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:PAUSE");
assertThatThrownBy(() -> bean.rebalance()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:REBALANCE");
assertThatThrownBy(() -> bean.resume()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY_SENDER:RESUME");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
index 9803083..c0e1a8b 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
@@ -18,13 +18,10 @@ package com.gemstone.gemfire.management.internal.security;
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheFactory;
-import com.gemstone.gemfire.distributed.DistributedLockService;
import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
import com.gemstone.gemfire.distributed.internal.locks.DLockService;
import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.CacheServerMXBean;
import com.gemstone.gemfire.management.LockServiceMXBean;
-import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import org.junit.AfterClass;
import org.junit.Before;
@@ -68,7 +65,11 @@ public class LockServiceMBeanAuthorizationJUnitTest {
@Test
@JMXConnectionConfiguration(user = "superuser", password = "1234567")
public void testAllAccess() throws Exception {
- lockServiceMBean.becomeLockGrantor(); // "INDEX:DESTROY",
+ lockServiceMBean.becomeLockGrantor();
+ lockServiceMBean.fetchGrantorMember();
+ lockServiceMBean.getMemberCount();
+ lockServiceMBean.isDistributed();
+ lockServiceMBean.listThreadsHoldingLock();
}
@Test
@@ -81,6 +82,10 @@ public class LockServiceMBeanAuthorizationJUnitTest {
@Test
@JMXConnectionConfiguration(user = "stranger", password = "1234567")
public void testNoAccess() throws Exception {
- assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()).isInstanceOf(SecurityException.class);
+ assertThatThrownBy(() -> lockServiceMBean.becomeLockGrantor()).isInstanceOf(SecurityException.class).hasMessageContaining("LOCK_SERVICE:BECOME_LOCK_GRANTOR");
+ assertThatThrownBy(() -> lockServiceMBean.fetchGrantorMember()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> lockServiceMBean.getMemberCount()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> lockServiceMBean.isDistributed()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> lockServiceMBean.listThreadsHoldingLock()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
index b310d2d..33136f3 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MemberMBeanSecurityJUnitTest.java
@@ -48,24 +48,35 @@ public class MemberMBeanSecurityJUnitTest {
@Test
@JMXConnectionConfiguration(user = "superuser", password = "1234567")
public void testAllAccess() throws Exception {
- bean.shutDownMember(); // MEMBER:SHUTDOWN
- bean.compactAllDiskStores(); // DISKSTORE:COMPACT
- bean.createManager(); // MANAGER:CREATE
- bean.fetchJvmThreads(); // DEFAULT:LIST_DS
- bean.getName(); // DEFAULT:LIST_DS
- bean.getDiskStores(); // DEFAULT:LIST_DS
- bean.hasGatewayReceiver(); // DEFAULT:LIST_DS
- bean.isCacheServer(); // DEFAULT:LIST_DS
- bean.isServer(); // DEFAULT:LIST_DS
- bean.listConnectedGatewayReceivers(); // DEFAULT:LIST_DS
- bean.processCommand("create region --name=Region_A"); // REGION:CREATE
- bean.showJVMMetrics(); // DEFAULT:LIST_DS
- bean.status(); // DEFAULT:LIST_DS
+ bean.shutDownMember();
+ bean.compactAllDiskStores();
+ bean.createManager();
+ bean.fetchJvmThreads();
+ bean.getName();
+ bean.getDiskStores();
+ bean.hasGatewayReceiver();
+ bean.isCacheServer();
+ bean.isServer();
+ bean.listConnectedGatewayReceivers();
+ bean.processCommand("create region --name=Region_A");
+ bean.showJVMMetrics();
+ bean.status();
}
@Test
@JMXConnectionConfiguration(user = "stranger", password = "1234567")
public void testNoAccess() throws Exception {
- assertThatThrownBy(() -> bean.shutDownMember()).isInstanceOf(SecurityException.class);
+ assertThatThrownBy(() -> bean.shutDownMember()).isInstanceOf(SecurityException.class).hasMessageContaining("MEMBER:SHUTDOWN");
+ assertThatThrownBy(() -> bean.createManager()).hasMessageContaining("MANAGER:CREATE");
+ assertThatThrownBy(() -> bean.fetchJvmThreads()).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> bean.getName()).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> bean.getDiskStores()).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> bean.hasGatewayReceiver()).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> bean.isCacheServer()).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> bean.isServer()).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> bean.listConnectedGatewayReceivers()).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> bean.processCommand("create region --name=Region_A")).hasMessageContaining("REGION:CREATE");
+ assertThatThrownBy(() -> bean.showJVMMetrics()).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> bean.status()).hasMessageContaining("JMX:GET");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/2f709ffe/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
index c1e552d..99a0ba3 100644
--- a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/cacheServer.json
@@ -20,7 +20,7 @@
"REGION:GET",
"REGION:DELETE",
"LOCK_SERVICE:BECOME_LOCK_GRANTOR",
- "GATEWAY_SENDER:GET",
+ "JMX:GET",
"GATEWAY_SENDER:PAUSE",
"GATEWAY_SENDER:REBALANCE",
"GATEWAY_SENDER:RESUME",
@@ -36,7 +36,7 @@
{
"name": "something",
"operationsAllowed": [
- "DISTRIBUTED_SYSTEM:LIST_DS"
+ "JMX:GET"
]
},
{