You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by kl...@apache.org on 2015/12/22 20:26:25 UTC
[23/35] incubator-geode git commit: GEM-164: move the security tests
in gemfire-test module inside the com.gemstone.gemfire.security packages to
the open side.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtil.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtil.java b/gemfire-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtil.java
new file mode 100644
index 0000000..6cb515a
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtil.java
@@ -0,0 +1,1871 @@
+package com.gemstone.gemfire.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.net.ServerSocketFactory;
+import javax.net.SocketFactory;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLContextSpi;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.AttributesFactory;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.cache.DataPolicy;
+import com.gemstone.gemfire.cache.DynamicRegionFactory;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.RegionAttributes;
+import com.gemstone.gemfire.cache.Scope;
+import com.gemstone.gemfire.cache.client.NoAvailableServersException;
+import com.gemstone.gemfire.cache.client.Pool;
+import com.gemstone.gemfire.cache.client.PoolFactory;
+import com.gemstone.gemfire.cache.client.PoolManager;
+import com.gemstone.gemfire.cache.client.ServerConnectivityException;
+import com.gemstone.gemfire.cache.client.ServerOperationException;
+import com.gemstone.gemfire.cache.client.ServerRefusedConnectionException;
+import com.gemstone.gemfire.cache.client.internal.PoolImpl;
+import com.gemstone.gemfire.cache.client.internal.ProxyCache;
+import com.gemstone.gemfire.cache.execute.Execution;
+import com.gemstone.gemfire.cache.execute.Function;
+import com.gemstone.gemfire.cache.execute.FunctionException;
+import com.gemstone.gemfire.cache.execute.FunctionService;
+import com.gemstone.gemfire.cache.query.Query;
+import com.gemstone.gemfire.cache.query.QueryInvocationTargetException;
+import com.gemstone.gemfire.cache.query.SelectResults;
+import com.gemstone.gemfire.cache.server.CacheServer;
+import com.gemstone.gemfire.cache30.ClientServerTestCase;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.distributed.Locator;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.internal.logging.InternalLogWriter;
+import com.gemstone.gemfire.internal.logging.PureLogWriter;
+import com.gemstone.gemfire.internal.util.Callable;
+
+import dunit.DistributedTestCase;
+
+/**
+ * Contains utility methods for setting up servers/clients for authentication
+ * and authorization tests.
+ *
+ * @author sumedh
+ * @since 5.5
+ */
+public class SecurityTestUtil extends DistributedTestCase {
+
+ public SecurityTestUtil(String name) {
+ super(name);
+ }
+
+ private static Locator locator = null;
+
+ private static Cache cache = null;
+
+ private static Properties currentJavaProps = null;
+
+ private static String locatorString = null;
+
+ private static Integer mcastPort = null;
+
+ public static final int NO_EXCEPTION = 0;
+
+ public static final int AUTHREQ_EXCEPTION = 1;
+
+ public static final int AUTHFAIL_EXCEPTION = 2;
+
+ public static final int CONNREFUSED_EXCEPTION = 3;
+
+ public static final int NOTAUTHZ_EXCEPTION = 4;
+
+ public static final int OTHER_EXCEPTION = 5;
+
+ public static final int NO_AVAILABLE_SERVERS = 6;
+
+ // Indicates that AuthReqException may not necessarily be thrown
+ public static final int NOFORCE_AUTHREQ_EXCEPTION = 16;
+
+ protected static final String regionName = "AuthRegion";
+
+ protected static final String[] keys = { "key1", "key2", "key3", "key4",
+ "key5", "key6", "key7", "key8" };
+
+ protected static final String[] values = { "value1", "value2", "value3",
+ "value4", "value5", "value6", "value7", "value8" };
+
+ protected static final String[] nvalues = { "nvalue1", "nvalue2", "nvalue3",
+ "nvalue4", "nvalue5", "nvalue6", "nvalue7", "nvalue8" };
+
+ static String[] expectedExceptions = null;
+
+ private static Pool pool = null;
+
+ private static boolean multiUserAuthMode = false;
+
+ private static final int numberOfUsers = 1;
+
+ static ProxyCache[] proxyCaches = new ProxyCache[numberOfUsers];
+
+ private static Region regionRef = null;
+
+ public static void addExpectedExceptions(String[] expectedExceptions,
+ LogWriter logger) {
+ if (expectedExceptions != null) {
+ for (int index = 0; index < expectedExceptions.length; index++) {
+ logger.info("<ExpectedException action=add>"
+ + expectedExceptions[index] + "</ExpectedException>");
+ }
+ }
+ }
+
+ public static void removeExpectedExceptions(String[] expectedExceptions,
+ LogWriter logger) {
+ if (expectedExceptions != null) {
+ for (int index = 0; index < expectedExceptions.length; index++) {
+ logger.info("<ExpectedException action=remove>"
+ + expectedExceptions[index] + "</ExpectedException>");
+ }
+ }
+ }
+
+ public static void setJavaProps(Properties javaProps) {
+
+ removeJavaProperties(currentJavaProps);
+ addJavaProperties(javaProps);
+ currentJavaProps = javaProps;
+ }
+
+ public DistributedSystem createSystem(Properties sysProps, Properties javaProps) {
+
+ closeCache();
+ clearStaticSSLContext();
+ setJavaProps(javaProps);
+
+ DistributedSystem dsys = getSystem(sysProps);
+ assertNotNull(dsys);
+ addExpectedExceptions(SecurityTestUtil.expectedExceptions, system
+ .getLogWriter());
+ return dsys;
+ }
+
+ void openCache() {
+
+ assertNotNull(system);
+ assertTrue(system.isConnected());
+ cache = CacheFactory.create(system);
+ assertNotNull(cache);
+ }
+
+ private static void initClientDynamicRegionFactory(String poolName) {
+
+ DynamicRegionFactory.get().open(
+ new DynamicRegionFactory.Config(null, poolName, false,true));
+ }
+
+ public static void initDynamicRegionFactory() {
+
+ DynamicRegionFactory.get().open(
+ new DynamicRegionFactory.Config(null, null, false, true));
+ }
+
+ public static Integer getLocatorPort() {
+
+ Integer locatorPort = new Integer(AvailablePort
+ .getRandomAvailablePort(AvailablePort.SOCKET));
+ String addr = DistributedTestCase.getIPLiteral();
+ if (locatorString == null) {
+ locatorString = addr + "[" + locatorPort + ']';
+ }
+ else {
+ locatorString += "," + addr + "[" + locatorPort + ']';
+ }
+ return locatorPort;
+ }
+
+ /**
+ * Note that this clears the string after returning for convenience in reusing
+ * for other tests. Hence it should normally be invoked only once for a test.
+ */
+ public static String getLocatorString() {
+
+ String locString = locatorString;
+ locatorString = null;
+ return locString;
+ }
+
+ public static Properties concatProperties(Properties[] propsList) {
+
+ Properties props = new Properties();
+ for (int index = 0; index < propsList.length; ++index) {
+ if (propsList[index] != null) {
+ props.putAll(propsList[index]);
+ }
+ }
+ return props;
+ }
+
+ public static void registerExpectedExceptions(String[] expectedExceptions) {
+ SecurityTestUtil.expectedExceptions = expectedExceptions;
+ }
+
+ private static void addJavaProperties(Properties javaProps) {
+
+ if (javaProps != null) {
+ Iterator iter = javaProps.entrySet().iterator();
+ while (iter.hasNext()) {
+ Map.Entry entry = (Map.Entry)iter.next();
+ System.setProperty((String)entry.getKey(), (String)entry.getValue());
+ }
+ }
+ }
+
+ private static void removeJavaProperties(Properties javaProps) {
+
+ if (javaProps != null) {
+ Properties props = System.getProperties();
+ Iterator iter = javaProps.keySet().iterator();
+ while (iter.hasNext()) {
+ props.remove(iter.next());
+ }
+ System.setProperties(props);
+ }
+ }
+
+ public static Integer createCacheServer(Properties authProps,
+ Object javaProps, Integer dsPort, String locatorString,
+ Integer serverPort, Integer expectedResult) {
+
+ return createCacheServer(authProps, javaProps, dsPort, locatorString,
+ serverPort, Boolean.FALSE, expectedResult);
+ }
+
+ public static Integer createCacheServer(Properties authProps,
+ Object javaProps, Integer locatorPort, String locatorString,
+ Integer serverPort, Boolean setupDynamicRegionFactory,
+ Integer expectedResult) {
+
+ if (authProps == null) {
+ authProps = new Properties();
+ }
+ authProps.setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ if (locatorString != null && locatorString.length() > 0) {
+ authProps.setProperty(DistributionConfig.LOCATORS_NAME, locatorString);
+ if (locatorPort != null) {
+ authProps.setProperty(DistributionConfig.START_LOCATOR_NAME,
+ DistributedTestCase.getIPLiteral() + "[" + locatorPort.toString() + ']');
+ }
+ } else {
+ authProps.setProperty("locators", "localhost["+getDUnitLocatorPort()+"]");
+ }
+ authProps.setProperty(DistributionConfig.SECURITY_LOG_LEVEL_NAME, "finest");
+ getLogWriter().info("Set the server properties to: " + authProps);
+ getLogWriter().info("Set the java properties to: " + javaProps);
+
+ SecurityTestUtil tmpInstance = new SecurityTestUtil("temp");
+ try {
+ tmpInstance.createSystem(authProps, (Properties)javaProps);
+ if (expectedResult.intValue() != NO_EXCEPTION) {
+ fail("Expected a security exception when starting peer");
+ }
+ }
+ catch (AuthenticationRequiredException ex) {
+ if (expectedResult.intValue() == AUTHREQ_EXCEPTION) {
+ getLogWriter().info("Got expected exception when starting peer: " + ex);
+ return new Integer(0);
+ }
+ else {
+ fail("Got unexpected exception when starting peer", ex);
+ }
+ }
+ catch (AuthenticationFailedException ex) {
+ if (expectedResult.intValue() == AUTHFAIL_EXCEPTION) {
+ getLogWriter().info("Got expected exception when starting peer: " + ex);
+ return new Integer(0);
+ }
+ else {
+ fail("Got unexpected exception when starting peer", ex);
+ }
+ }
+ catch (Exception ex) {
+ fail("Got unexpected exception when starting peer", ex);
+ }
+
+ if (setupDynamicRegionFactory.booleanValue()) {
+ initDynamicRegionFactory();
+ }
+ tmpInstance.openCache();
+ AttributesFactory factory = new AttributesFactory();
+ factory.setScope(Scope.DISTRIBUTED_ACK);
+ factory.setDataPolicy(DataPolicy.REPLICATE);
+ RegionAttributes attrs = factory.create();
+ cache.createRegion(regionName, attrs);
+ int port;
+ if (serverPort == null || serverPort.intValue() <= 0) {
+ port = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ }
+ else {
+ port = serverPort.intValue();
+ }
+ CacheServer server1 = cache.addCacheServer();
+ server1.setPort(port);
+ server1.setNotifyBySubscription(true);
+ try {
+ server1.start();
+ }
+ catch (Exception ex) {
+ fail("Got unexpected exception when starting CacheServer", ex);
+ }
+ return new Integer(server1.getPort());
+ }
+
+ public static void createCacheClient(String authInitModule,
+ Properties authProps, Properties javaProps, Integer[] ports,
+ Object numConnections, Integer expectedResult) {
+ createCacheClient(authInitModule, authProps, javaProps, ports,
+ numConnections, "false", expectedResult);
+ }
+
+ public static void createCacheClient(String authInitModule,
+ Properties authProps, Properties javaProps, Integer[] ports,
+ Object numConnections, String multiUserMode, Integer expectedResult) {
+ createCacheClient(authInitModule, authProps, javaProps, ports,
+ (Integer)numConnections, Boolean.FALSE, multiUserMode, expectedResult);
+ }
+
+ public static void createCacheClient(String authInitModule,
+ Properties authProps, Properties javaProps, Integer[] ports,
+ Integer numConnections, Boolean setupDynamicRegionFactory,
+ Integer expectedResult) {
+ createCacheClient(authInitModule, authProps, javaProps, ports,
+ numConnections, setupDynamicRegionFactory, "false", expectedResult);
+ }
+
+ public static void createCacheClient(String authInitModule,
+ Properties authProps, Properties javaProps, Integer[] ports,
+ Integer numConnections, Boolean setupDynamicRegionFactory,
+ String multiUserMode, Integer expectedResult) {
+ createCacheClient(authInitModule, authProps, javaProps, ports,
+ numConnections, setupDynamicRegionFactory, multiUserMode, Boolean.TRUE,
+ expectedResult);
+ }
+
+ public static void createCacheClient(String authInitModule,
+ Properties authProps, Properties javaProps, Integer[] ports,
+ Integer numConnections, Boolean setupDynamicRegionFactory,
+ String multiUserMode, Boolean subscriptionEnabled,
+ Integer expectedResult) {
+
+ multiUserAuthMode = Boolean.valueOf(multiUserMode);
+ if (authProps == null) {
+ authProps = new Properties();
+ }
+ authProps.setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ authProps.setProperty(DistributionConfig.LOCATORS_NAME, "");
+ authProps.setProperty(DistributionConfig.SECURITY_LOG_LEVEL_NAME, "finest");
+ // TODO (ashetkar) Add " && (!multiUserAuthMode)" below.
+ if (authInitModule != null) {
+ authProps.setProperty(DistributionConfig.SECURITY_CLIENT_AUTH_INIT_NAME,
+ authInitModule);
+ }
+
+ SecurityTestUtil tmpInstance = new SecurityTestUtil("temp");
+ tmpInstance.createSystem(authProps, javaProps);
+ AttributesFactory factory = new AttributesFactory();
+ int[] portsI = new int[ports.length];
+ for(int z=0;z<ports.length;z++) {
+ portsI[z] = ports[z].intValue();
+ }
+
+ try {
+ PoolFactory poolFactory = PoolManager.createFactory();
+ poolFactory.setRetryAttempts(200);
+ if (multiUserAuthMode) {
+ poolFactory.setMultiuserAuthentication(multiUserAuthMode);
+ // [sumedh] Why is this false here only to be overridden in
+ // ClientServerTestCase.configureConnectionPoolWithNameAndFactory below?
+ // Actually setting it to false causes MultiuserAPIDUnitTest to fail.
+ //poolFactory.setSubscriptionEnabled(false);
+ }
+ pool = ClientServerTestCase.configureConnectionPoolWithNameAndFactory(factory,
+ DistributedTestCase.getIPLiteral(), portsI, subscriptionEnabled, 0,
+ numConnections == null ? -1 : numConnections.intValue(), null, null,
+ poolFactory);
+
+ if (setupDynamicRegionFactory.booleanValue()) {
+ initClientDynamicRegionFactory(pool.getName());
+ }
+ tmpInstance.openCache();
+ try {
+ getLogWriter().info("multi-user mode " + multiUserAuthMode);
+ proxyCaches[0] = (ProxyCache)((PoolImpl) pool).createAuthenticatedCacheView(authProps);
+ if (!multiUserAuthMode) {
+ fail("Expected a UnsupportedOperationException but got none in single-user mode");
+ }
+ } catch (UnsupportedOperationException uoe) {
+ if (!multiUserAuthMode) {
+ getLogWriter().info("Got expected UnsupportedOperationException in single-user mode");
+ }
+ else {
+ fail("Got unexpected exception in multi-user mode ", uoe);
+ }
+ }
+
+ factory.setScope(Scope.LOCAL);
+ if (multiUserAuthMode) {
+ factory.setDataPolicy(DataPolicy.EMPTY);
+ }
+ RegionAttributes attrs = factory.create();
+ cache.createRegion(regionName, attrs);
+
+ if (expectedResult.intValue() != NO_EXCEPTION
+ && expectedResult.intValue() != NOFORCE_AUTHREQ_EXCEPTION) {
+ if (!multiUserAuthMode) {
+ fail("Expected an exception when starting client");
+ }
+ }
+ }
+ catch (AuthenticationRequiredException ex) {
+ if (expectedResult.intValue() == AUTHREQ_EXCEPTION
+ || expectedResult.intValue() == NOFORCE_AUTHREQ_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when starting client: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when starting client", ex);
+ }
+ }
+ catch (AuthenticationFailedException ex) {
+ if (expectedResult.intValue() == AUTHFAIL_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when starting client: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when starting client", ex);
+ }
+ }
+ catch (ServerRefusedConnectionException ex) {
+ if (expectedResult.intValue() == CONNREFUSED_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when starting client: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when starting client", ex);
+ }
+ }
+ catch (Exception ex) {
+ fail("Got unexpected exception when starting client", ex);
+ }
+ }
+
+ public static void createCacheClientForMultiUserMode(Integer numOfUsers,
+ String authInitModule, Properties[] authProps, Properties javaProps,
+ Integer[] ports, Integer numConnections,
+ Boolean setupDynamicRegionFactory, Integer expectedResult) {
+ createCacheClientForMultiUserMode(numOfUsers, authInitModule, authProps,
+ javaProps, ports, numConnections, setupDynamicRegionFactory, null,
+ expectedResult);
+ }
+
+ public static void createCacheClientForMultiUserMode(Integer numOfUsers,
+ String authInitModule, Properties[] authProps, Properties javaProps,
+ Integer[] ports, Integer numConnections,
+ Boolean setupDynamicRegionFactory, String durableClientId,
+ Integer expectedResult) {
+
+ if (numOfUsers == null || numOfUsers < 1) {
+ fail("Number of users cannot be less than one");
+ }
+ multiUserAuthMode = true;
+ // Assert that number of users == length of arrays of the provided params
+// if (numOfUsers != authInitModules.length) {
+// fail("Number of authInitModules provided does not match with numOfUsers specified, "
+// + authInitModules.length);
+// }
+ if (numOfUsers != authProps.length) {
+ fail("Number of authProps provided does not match with numOfUsers specified, "
+ + authProps.length);
+ }
+// if (numOfUsers != javaProps.length) {
+// fail("Number of javaProps provided does not match with numOfUsers specified, "
+// + javaProps.length);
+// }
+// if (numOfUsers != expectedResult.length) {
+// fail("Number of expectedResult provided does not match with numOfUsers specified, "
+// + expectedResult.length);
+// }
+ if (authProps[0] == null) {
+ authProps[0] = new Properties();
+ }
+ authProps[0].setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ authProps[0].setProperty(DistributionConfig.LOCATORS_NAME, "");
+ authProps[0].setProperty(DistributionConfig.SECURITY_LOG_LEVEL_NAME,
+ "finest");
+ Properties props = new Properties();
+ if (authInitModule != null) {
+ authProps[0].setProperty(
+ DistributionConfig.SECURITY_CLIENT_AUTH_INIT_NAME, authInitModule);
+ props.setProperty(DistributionConfig.SECURITY_CLIENT_AUTH_INIT_NAME,
+ authInitModule);
+ }
+ if (durableClientId != null) {
+ props.setProperty(DistributionConfig.DURABLE_CLIENT_ID_NAME,
+ durableClientId);
+ props.setProperty(DistributionConfig.DURABLE_CLIENT_TIMEOUT_NAME, String
+ .valueOf(DistributionConfig.DEFAULT_DURABLE_CLIENT_TIMEOUT));
+ }
+
+ SecurityTestUtil tmpInstance = new SecurityTestUtil("temp");
+ tmpInstance.createSystem(props, javaProps);
+ AttributesFactory factory = new AttributesFactory();
+ int[] portsI = new int[ports.length];
+ for(int z=0;z<ports.length;z++) {
+ portsI[z] = ports[z].intValue();
+ }
+
+ try {
+ tmpInstance.openCache();
+ PoolFactory poolFactory = PoolManager.createFactory();
+ poolFactory.setRetryAttempts(200);
+ poolFactory.setMultiuserAuthentication(multiUserAuthMode);
+ poolFactory.setSubscriptionEnabled(true);
+ pool = ClientServerTestCase.configureConnectionPoolWithNameAndFactory(factory,
+ DistributedTestCase.getIPLiteral(), portsI, true, 1,
+ numConnections == null ? -1 : numConnections.intValue(), null, null,
+ poolFactory);
+
+ if (setupDynamicRegionFactory.booleanValue()) {
+ initClientDynamicRegionFactory(pool.getName());
+ }
+ proxyCaches = new ProxyCache[numOfUsers];
+ for (int i=0; i<numOfUsers; i++) {
+ proxyCaches[i] = (ProxyCache)((PoolImpl) pool).createAuthenticatedCacheView(authProps[i]);
+ }
+
+ factory.setScope(Scope.LOCAL);
+ factory.setDataPolicy(DataPolicy.EMPTY);
+ RegionAttributes attrs = factory.create();
+ cache.createRegion(regionName, attrs);
+
+ if (expectedResult.intValue() != NO_EXCEPTION
+ && expectedResult.intValue() != NOFORCE_AUTHREQ_EXCEPTION) {
+ if (!multiUserAuthMode) {
+ fail("Expected an exception when starting client");
+ }
+ }
+ }
+ catch (AuthenticationRequiredException ex) {
+ if (expectedResult.intValue() == AUTHREQ_EXCEPTION
+ || expectedResult.intValue() == NOFORCE_AUTHREQ_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when starting client: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when starting client", ex);
+ }
+ }
+ catch (AuthenticationFailedException ex) {
+ if (expectedResult.intValue() == AUTHFAIL_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when starting client: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when starting client", ex);
+ }
+ }
+ catch (ServerRefusedConnectionException ex) {
+ if (expectedResult.intValue() == CONNREFUSED_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when starting client: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when starting client", ex);
+ }
+ }
+ catch (Exception ex) {
+ fail("Got unexpected exception when starting client", ex);
+ }
+ }
+
+ public static void createProxyCache(Integer[] userIndices, Properties[] props) {
+ int j = 0;
+ for (int i : userIndices) {
+ SecurityTestUtil.proxyCaches[i] = (ProxyCache)((PoolImpl) SecurityTestUtil.pool)
+ .createAuthenticatedCacheView(props[j]);
+ j++;
+ }
+ }
+
+ public static void stopCacheServers() {
+ Iterator iter = getCache().getCacheServers().iterator();
+ if (iter.hasNext()) {
+ CacheServer server = (CacheServer)iter.next();
+ server.stop();
+ assertFalse(server.isRunning());
+ }
+ }
+
+ public static void restartCacheServers() {
+ Iterator iter = getCache().getCacheServers().iterator();
+ if (iter.hasNext()) {
+ CacheServer server = (CacheServer)iter.next();
+ try {
+ server.start();
+ }
+ catch (Exception ex) {
+ fail("Unexpected exception when restarting cache servers", ex);
+ }
+ assertTrue(server.isRunning());
+ }
+ }
+
+ public static void startLocator(String name, Integer port, Object extraProps,
+ Object javaProps, String[] expectedExceptions) {
+
+ File logFile = new File(name + "-locator" + port.intValue() + ".log");
+ try {
+ Properties authProps = new Properties();
+ if (extraProps != null) {
+ authProps.putAll((Properties)extraProps);
+ }
+ authProps.setProperty(DistributionConfig.MCAST_PORT_NAME, "0");
+ authProps.setProperty(DistributionConfig.LOCATORS_NAME,
+ DistributedTestCase.getIPLiteral() + "[" + port + "]");
+ authProps.setProperty(DistributionConfig.ENABLE_CLUSTER_CONFIGURATION_NAME, "false");
+ clearStaticSSLContext();
+ setJavaProps((Properties)javaProps);
+ FileOutputStream logOut = new FileOutputStream(logFile);
+ PrintStream logStream = new PrintStream(logOut);
+ LogWriter logger = new PureLogWriter(InternalLogWriter.CONFIG_LEVEL,
+ logStream);
+ addExpectedExceptions(expectedExceptions, logger);
+ logStream.flush();
+ locator = Locator.startLocatorAndDS(port.intValue(), logFile, null,
+ authProps);
+ }
+ catch (IOException ex) {
+ fail("While starting locator on port " + port.intValue(), ex);
+ }
+ }
+
+ public static void stopLocator(Integer port, String[] expectedExceptions) {
+
+ try {
+ locator.stop();
+ removeExpectedExceptions(expectedExceptions, locator
+ .getDistributedSystem().getLogWriter());
+ }
+ catch (Exception ex) {
+ fail("While stopping locator on port " + port.intValue(), ex);
+ }
+ }
+
+ public static Cache getCache() {
+ return cache;
+ }
+
+ // Some useful region methods used by security tests
+
+ public static void waitForCondition(Callable cond) {
+ waitForCondition(cond, 100, 120);
+ }
+
+ public static void waitForCondition(final Callable cond, int sleepMillis,
+ int numTries) {
+ WaitCriterion ev = new WaitCriterion() {
+ public boolean done() {
+ try {
+ return ((Boolean)cond.call()).booleanValue();
+ }
+ catch (Exception e) {
+ fail("Unexpected exception", e);
+ }
+ return false; // NOTREACHED
+ }
+ public String description() {
+ return null;
+ }
+ };
+ DistributedTestCase.waitForCriterion(ev, sleepMillis * numTries, 200, true);
+ }
+
+ public static Object getLocalValue(Region region, Object key) {
+
+ Region.Entry entry = region.getEntry(key);
+ return (entry != null ? entry.getValue() : null);
+ }
+
+ public static void doProxyCacheClose() {
+ for (int i=0; i<proxyCaches.length; i++) {
+ proxyCaches[i].close();
+ }
+ }
+
+ private static void doPutsP(Integer num, Integer expectedResult,
+ boolean newVals) {
+ doPutsP(num, Integer.valueOf(0), expectedResult, newVals);
+ }
+
+ private static void doPutsP(Integer num, Integer multiUserIndex,
+ Integer expectedResult, boolean newVals) {
+
+ assertTrue(num.intValue() <= keys.length);
+ Region region = null;
+ try {
+ if (multiUserAuthMode) {
+ region = proxyCaches[multiUserIndex].getRegion(regionName);
+ regionRef = region;
+ }
+ else {
+ region = getCache().getRegion(regionName);
+ }
+ assertNotNull(region);
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing puts: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing puts", ex);
+ }
+ }
+ for (int index = 0; index < num.intValue(); ++index) {
+ try {
+ if (newVals) {
+ region.put(keys[index], nvalues[index]);
+ }
+ else {
+ region.put(keys[index], values[index]);
+ }
+ if (expectedResult.intValue() != NO_EXCEPTION) {
+ fail("Expected a NotAuthorizedException while doing puts");
+ }
+ }
+ catch(NoAvailableServersException ex) {
+ if(expectedResult.intValue() == SecurityTestUtil.NO_AVAILABLE_SERVERS) {
+ getLogWriter().info(
+ "Got expected NoAvailableServers when doing puts: "
+ + ex.getCause());
+ continue;
+ }
+ else {
+ fail("Got unexpected exception when doing puts", ex);
+ }
+ }
+ catch (ServerConnectivityException ex) {
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when doing puts: "
+ + ex.getCause());
+ continue;
+ }
+ if ((expectedResult.intValue() == AUTHREQ_EXCEPTION)
+ && (ex.getCause() instanceof AuthenticationRequiredException)) {
+ getLogWriter().info(
+ "Got expected AuthenticationRequiredException when doing puts: "
+ + ex.getCause());
+ continue;
+ }
+ if ((expectedResult.intValue() == AUTHFAIL_EXCEPTION)
+ && (ex.getCause() instanceof AuthenticationFailedException)) {
+ getLogWriter().info(
+ "Got expected AuthenticationFailedException when doing puts: "
+ + ex.getCause());
+ continue;
+ }
+ else if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing puts: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing puts", ex);
+ }
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing puts: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing puts", ex);
+ }
+ }
+ }
+ }
+
+ private static void doGetAllP(Integer multiUserIndex,
+ Integer expectedResult, boolean useTX) {
+ Region region = null;
+ try {
+ if (multiUserAuthMode) {
+ region = proxyCaches[multiUserIndex].getRegion(regionName);
+ }
+ else {
+ region = getCache().getRegion(regionName);
+ }
+ assertNotNull(region);
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing getAll: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing getAll", ex);
+ }
+ }
+ try {
+ List keys = new ArrayList();
+ keys.add("key1");
+ keys.add("key2");
+ if (useTX) {
+ getCache().getCacheTransactionManager().begin();
+ }
+ Map entries = region.getAll(keys);
+ // Also check getEntry()
+ region.getEntry("key1");
+ if (useTX) {
+ getCache().getCacheTransactionManager().commit();
+ }
+ assertNotNull(entries);
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)) {
+ assertEquals(0, entries.size());
+ } else if ((expectedResult.intValue() == NO_EXCEPTION)) {
+ assertEquals(2, entries.size());
+ assertEquals("value1", entries.get("key1"));
+ assertEquals("value2", entries.get("key2"));
+ }
+ } catch (NoAvailableServersException ex) {
+ if (expectedResult.intValue() == SecurityTestUtil.NO_AVAILABLE_SERVERS) {
+ getLogWriter().info(
+ "Got expected NoAvailableServers when doing getAll: "
+ + ex.getCause());
+ } else {
+ fail("Got unexpected exception when doing getAll", ex);
+ }
+ } catch (ServerConnectivityException ex) {
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when doing getAll: "
+ + ex.getCause());
+ } else if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing getAll: " + ex);
+ } else {
+ fail("Got unexpected exception when doing getAll", ex);
+ }
+ } catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing getAll: " + ex);
+ } else {
+ fail("Got unexpected exception when doing getAll", ex);
+ }
+ }
+ }
+
+ private static void doGetsP(Integer num, Integer expectedResult,
+ boolean newVals) {
+ doGetsP(num, Integer.valueOf(0), expectedResult, newVals);
+ }
+
+ private static void doGetsP(Integer num, Integer multiUserIndex,
+ Integer expectedResult, boolean newVals) {
+
+ assertTrue(num.intValue() <= keys.length);
+ Region region = null;
+ try {
+ if (multiUserAuthMode) {
+ region = proxyCaches[multiUserIndex].getRegion(regionName);
+ }
+ else {
+ region = getCache().getRegion(regionName);
+ }
+ assertNotNull(region);
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing gets: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing gets", ex);
+ }
+ }
+ for (int index = 0; index < num.intValue(); ++index) {
+ Object value = null;
+ try {
+ try {
+ region.localInvalidate(keys[index]);
+ }
+ catch (Exception ex) {
+ }
+ value = region.get(keys[index]);
+ if (expectedResult.intValue() != NO_EXCEPTION) {
+ fail("Expected a NotAuthorizedException while doing gets");
+ }
+ }
+ catch(NoAvailableServersException ex) {
+ if(expectedResult.intValue() == SecurityTestUtil.NO_AVAILABLE_SERVERS) {
+ getLogWriter().info(
+ "Got expected NoAvailableServers when doing gets: "
+ + ex.getCause());
+ continue;
+ }
+ else {
+ fail("Got unexpected exception when doing gets", ex);
+ }
+ }
+ catch (ServerConnectivityException ex) {
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when doing gets: "
+ + ex.getCause());
+ continue;
+ }
+ else if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing gets: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing gets", ex);
+ }
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing gets: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing gets", ex);
+ }
+ }
+ assertNotNull(value);
+ if (newVals) {
+ assertEquals(nvalues[index], value);
+ }
+ else {
+ assertEquals(values[index], value);
+ }
+ }
+ }
+
+ private static void doLocalGetsP(int num, boolean checkNVals) {
+
+ assertTrue(num <= keys.length);
+ String[] vals = values;
+ if (checkNVals) {
+ vals = nvalues;
+ }
+ final Region region = getCache().getRegion(regionName);
+ assertNotNull(region);
+ for (int index = 0; index < num; ++index) {
+ final String key = keys[index];
+ final String expectedVal = vals[index];
+ waitForCondition(new Callable() {
+ public Object call() throws Exception {
+ Object value = getLocalValue(region, key);
+ return Boolean.valueOf(expectedVal.equals(value));
+ }
+ }, 1000, 30 / num);
+ }
+ for (int index = 0; index < num; ++index) {
+ Region.Entry entry = region.getEntry(keys[index]);
+ assertNotNull(entry);
+ assertEquals(vals[index], entry.getValue());
+ }
+ }
+
+ private static void doRegionDestroysP(Integer multiuserIndex,
+ Integer expectedResult) {
+ Region region = null;
+ try {
+ if (multiUserAuthMode) {
+ region = proxyCaches[multiuserIndex].getRegion(regionName);
+ } else {
+ region = getCache().getRegion(regionName);
+ }
+ assertNotNull(region);
+ } catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when doing region destroy: " + ex);
+ } else {
+ fail("Got unexpected exception when doing region destroy", ex);
+ }
+ }
+
+ try {
+ region.destroyRegion();
+ if (expectedResult.intValue() != NO_EXCEPTION) {
+ fail("Expected a NotAuthorizedException while doing region destroy");
+ }
+ if (multiUserAuthMode) {
+ region = proxyCaches[multiuserIndex].getRegion(regionName);
+ } else {
+ region = getCache().getRegion(regionName);
+ }
+ assertNull(region);
+ } catch (NoAvailableServersException ex) {
+ if (expectedResult.intValue() == SecurityTestUtil.NO_AVAILABLE_SERVERS) {
+ getLogWriter().info(
+ "Got expected NoAvailableServers when doing region destroy: "
+ + ex.getCause());
+ } else {
+ fail("Got unexpected exception when doing region destroy", ex);
+ }
+ } catch (ServerConnectivityException ex) {
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when doing region destroy: "
+ + ex.getCause());
+ } else if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when doing region destroy: " + ex);
+ } else {
+ fail("Got unexpected exception when doing region destroy", ex);
+ }
+ } catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when doing region destroy: " + ex);
+ } else {
+ fail("Got unexpected exception when doing region destroy", ex);
+ }
+ }
+ }
+
+ private static void doDestroysP(Integer num, Integer multiUserIndex,
+ Integer expectedResult, boolean newVals) {
+
+ assertTrue(num.intValue() <= keys.length);
+ Region region = null;
+ try {
+ if (multiUserAuthMode) {
+ region = proxyCaches[multiUserIndex].getRegion(regionName);
+ }
+ else {
+ region = getCache().getRegion(regionName);
+ }
+ assertNotNull(region);
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing destroys: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing destroys", ex);
+ }
+ }
+ for (int index = 0; index < num.intValue(); ++index) {
+ try {
+ region.destroy(keys[index]);
+ if (expectedResult.intValue() != NO_EXCEPTION) {
+ fail("Expected a NotAuthorizedException while doing destroys");
+ }
+ }
+ catch(NoAvailableServersException ex) {
+ if(expectedResult.intValue() == SecurityTestUtil.NO_AVAILABLE_SERVERS) {
+ getLogWriter().info(
+ "Got expected NoAvailableServers when doing destroys: "
+ + ex.getCause());
+ continue;
+ }
+ else {
+ fail("Got unexpected exception when doing destroys", ex);
+ }
+ }
+ catch (ServerConnectivityException ex) {
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when doing destroys: "
+ + ex.getCause());
+ continue;
+ }
+ else if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing destroys: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing destroys", ex);
+ }
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing destroys: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing destroys", ex);
+ }
+ }
+ }
+ }
+
+ private static void doInvalidatesP(Integer num, Integer multiUserIndex,
+ Integer expectedResult, boolean newVals) {
+
+ assertTrue(num.intValue() <= keys.length);
+ Region region = null;
+ try {
+ if (multiUserAuthMode) {
+ region = proxyCaches[multiUserIndex].getRegion(regionName);
+ }
+ else {
+ region = getCache().getRegion(regionName);
+ }
+ assertNotNull(region);
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing invalidates: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing invalidates", ex);
+ }
+ }
+ for (int index = 0; index < num.intValue(); ++index) {
+ try {
+ region.invalidate(keys[index]);
+ if (expectedResult.intValue() != NO_EXCEPTION) {
+ fail("Expected a NotAuthorizedException while doing invalidates");
+ }
+ }
+ catch(NoAvailableServersException ex) {
+ if(expectedResult.intValue() == SecurityTestUtil.NO_AVAILABLE_SERVERS) {
+ getLogWriter().info(
+ "Got expected NoAvailableServers when doing invalidates: "
+ + ex.getCause());
+ continue;
+ }
+ else {
+ fail("Got unexpected exception when doing invalidates", ex);
+ }
+ }
+ catch (ServerConnectivityException ex) {
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when doing invalidates: "
+ + ex.getCause());
+ continue;
+ }
+ else if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing invalidates: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing invalidates", ex);
+ }
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing invalidates: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing invalidates", ex);
+ }
+ }
+ }
+ }
+
+ private static void doContainsKeysP(Integer num, Integer multiUserIndex,
+ Integer expectedResult, boolean newVals, boolean expectedValue) {
+
+ assertTrue(num.intValue() <= keys.length);
+ Region region = null;
+ try {
+ if (multiUserAuthMode) {
+ region = proxyCaches[multiUserIndex].getRegion(regionName);
+ }
+ else {
+ region = getCache().getRegion(regionName);
+ }
+ assertNotNull(region);
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing containsKey: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing containsKey", ex);
+ }
+ }
+ for (int index = 0; index < num.intValue(); ++index) {
+ boolean result = false;
+ try {
+ result = region.containsKeyOnServer(keys[index]);
+ if (expectedResult.intValue() != NO_EXCEPTION) {
+ fail("Expected a NotAuthorizedException while doing containsKey");
+ }
+ }
+ catch(NoAvailableServersException ex) {
+ if(expectedResult.intValue() == SecurityTestUtil.NO_AVAILABLE_SERVERS) {
+ getLogWriter().info(
+ "Got expected NoAvailableServers when doing containsKey: "
+ + ex.getCause());
+ continue;
+ }
+ else {
+ fail("Got unexpected exception when doing containsKey", ex);
+ }
+ }
+ catch (ServerConnectivityException ex) {
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when doing containsKey: "
+ + ex.getCause());
+ continue;
+ }
+ else if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing containsKey: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing containsKey", ex);
+ }
+ }
+ catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing containsKey: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when doing containsKey", ex);
+ }
+ }
+ assertEquals(expectedValue, result);
+ }
+ }
+
+ private static void doQueriesP(Integer multiUserIndex,
+ Integer expectedResult, Integer expectedValue) {
+ Region region = null;
+ try {
+ if (multiUserAuthMode) {
+ region = proxyCaches[multiUserIndex].getRegion(regionName);
+ } else {
+ region = getCache().getRegion(regionName);
+ }
+ assertNotNull(region);
+ } catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing queries: " + ex);
+ } else {
+ fail("Got unexpected exception when doing queries", ex);
+ }
+ }
+ String queryStr = "SELECT DISTINCT * FROM " + region.getFullPath();
+ try {
+ SelectResults queryResults = region.query(queryStr);
+ Set resultSet = queryResults.asSet();
+ assertEquals(expectedValue.intValue(), resultSet.size());
+ if (expectedResult.intValue() != NO_EXCEPTION) {
+ fail("Expected a NotAuthorizedException while doing queries");
+ }
+ } catch (NoAvailableServersException ex) {
+ if (expectedResult.intValue() == SecurityTestUtil.NO_AVAILABLE_SERVERS) {
+ getLogWriter().info(
+ "Got expected NoAvailableServers when doing queries: "
+ + ex.getCause());
+ } else {
+ fail("Got unexpected exception when doing queries", ex);
+ }
+ } catch (ServerConnectivityException ex) {
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when doing queries: "
+ + ex.getCause());
+ } else if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing queries: " + ex);
+ } else {
+ fail("Got unexpected exception when doing queries", ex);
+ }
+ } catch (QueryInvocationTargetException qite) {
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)
+ && (qite.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when doing queries: "
+ + qite.getCause());
+ } else if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing queries: " + qite);
+ } else {
+ fail("Got unexpected exception when doing queries", qite);
+ }
+ } catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info("Got expected exception when doing queries: " + ex);
+ } else {
+ fail("Got unexpected exception when doing queries", ex);
+ }
+ }
+ }
+
+ private static void doFunctionExecuteP(Integer multiUserIndex,
+ Function function, Integer expectedResult, Object expectedValue,
+ String method) {
+ Region region = null;
+ try {
+ if (multiUserAuthMode) {
+ region = proxyCaches[multiUserIndex].getRegion(regionName);
+ } else {
+ region = getCache().getRegion(regionName);
+ }
+ assertNotNull(region);
+ } catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when executing function: " + ex);
+ } else {
+ fail("Got unexpected exception when executing function", ex);
+ }
+ }
+ try {
+ FunctionService.registerFunction(function);
+ Execution execution = null;
+ if ("region".equals(method)) {
+ execution = FunctionService.onRegion(region);
+ } else if ("server".equals(method)) {
+ if (multiUserAuthMode) {
+ execution = FunctionService.onServer(proxyCaches[multiUserIndex]);
+ } else {
+ execution = FunctionService.onServer(pool);
+ }
+ } else { // if ("servers".equals(method)) {
+ if (multiUserAuthMode) {
+ execution = FunctionService.onServers(proxyCaches[multiUserIndex]);
+ } else {
+ execution = FunctionService.onServers(pool);
+ }
+ }
+ execution.execute(function.getId());
+ if (expectedResult.intValue() != NO_EXCEPTION) {
+ fail("Expected a NotAuthorizedException while executing function");
+ }
+ } catch (NoAvailableServersException ex) {
+ if (expectedResult.intValue() == SecurityTestUtil.NO_AVAILABLE_SERVERS) {
+ getLogWriter().info(
+ "Got expected NoAvailableServers when executing function: "
+ + ex.getCause());
+ } else {
+ fail("Got unexpected exception when executing function", ex);
+ }
+ } catch (ServerConnectivityException ex) {
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when executing function: "
+ + ex.getCause());
+ } else if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when executing function: " + ex);
+ } else {
+ fail("Got unexpected exception when executing function", ex);
+ }
+ } catch (FunctionException ex) {
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)
+ && ((ex.getCause() instanceof NotAuthorizedException) || ((ex
+ .getCause() instanceof ServerOperationException) && (((ServerOperationException)ex
+ .getCause()).getCause() instanceof NotAuthorizedException)))) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when executing function: "
+ + ex.getCause());
+ } else if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when executing function: " + ex);
+ } else {
+ fail("Got unexpected exception when executing function", ex);
+ }
+ } catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when executing function: " + ex);
+ } else {
+ fail("Got unexpected exception when executing function", ex);
+ }
+ }
+ }
+
+ private static void doQueryExecuteP(Integer multiUserIndex,
+ Integer expectedResult, Integer expectedValue) {
+ Region region = null;
+ try {
+ if (multiUserAuthMode) {
+ region = proxyCaches[multiUserIndex].getRegion(regionName);
+ } else {
+ region = getCache().getRegion(regionName);
+ }
+ assertNotNull(region);
+ } catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when executing query: " + ex);
+ } else {
+ fail("Got unexpected exception when executing query", ex);
+ }
+ }
+ try {
+ String queryString = "SELECT DISTINCT * FROM " + region.getFullPath();
+ Query query = null;
+ if (multiUserAuthMode) {
+ query = proxyCaches[multiUserIndex].getQueryService().newQuery(queryString);
+ }
+ else {
+ region.getCache().getQueryService().newQuery(queryString);
+ }
+ SelectResults result = (SelectResults)query.execute();
+ if (expectedResult.intValue() != NO_EXCEPTION) {
+ fail("Expected a NotAuthorizedException while executing function");
+ }
+ assertEquals(expectedValue.intValue(), result.asList().size());
+ } catch (NoAvailableServersException ex) {
+ if (expectedResult.intValue() == SecurityTestUtil.NO_AVAILABLE_SERVERS) {
+ getLogWriter().info(
+ "Got expected NoAvailableServers when executing query: "
+ + ex.getCause());
+ } else {
+ fail("Got unexpected exception when executing query", ex);
+ }
+ } catch (ServerConnectivityException ex) {
+ if ((expectedResult.intValue() == NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "Got expected NotAuthorizedException when executing query: "
+ + ex.getCause());
+ } else if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when executing query: " + ex);
+ } else {
+ fail("Got unexpected exception when executing query", ex);
+ }
+ } catch (Exception ex) {
+ if (expectedResult.intValue() == OTHER_EXCEPTION) {
+ getLogWriter().info(
+ "Got expected exception when executing query: " + ex);
+ } else {
+ fail("Got unexpected exception when executing query", ex);
+ }
+ }
+ }
+
+ public static void doPuts(Integer num) {
+
+ doPutsP(num, new Integer(NO_EXCEPTION), false);
+ }
+
+ public static void doPuts(Integer num, Integer expectedResult) {
+
+ doPutsP(num, expectedResult, false);
+ }
+
+ public static void doMultiUserPuts(Integer num, Integer numOfUsers,
+ Integer[] expectedResults) {
+ if (numOfUsers != expectedResults.length) {
+ fail("SecurityTestUtil.doMultiUserPuts(): numOfUsers = " + numOfUsers
+ + ", but expected results " + expectedResults.length);
+ }
+ for (int i = 0; i < numOfUsers; i++) {
+ getLogWriter().info("PUT: MultiUser# " + i);
+ doPutsP(num, Integer.valueOf(i), expectedResults[i], false);
+ }
+ }
+
+ public static void doGets(Integer num) {
+
+ doGetsP(num, new Integer(NO_EXCEPTION), false);
+ }
+
+ public static void doGets(Integer num, Integer expectedResult) {
+
+ doGetsP(num, expectedResult, false);
+ }
+
+ public static void doMultiUserGetAll(Integer numOfUsers, Integer[] expectedResults) {
+ doMultiUserGetAll(numOfUsers, expectedResults, false);
+ }
+
+ public static void doMultiUserGetAll(Integer numOfUsers,
+ Integer[] expectedResults, boolean useTX) {
+ if (numOfUsers != expectedResults.length) {
+ fail("SecurityTestUtil.doMultiUserGetAll(): numOfUsers = " + numOfUsers
+ + ", but expected results " + expectedResults.length);
+ }
+ for (int i = 0; i < numOfUsers; i++) {
+ getLogWriter().info(
+ "GET_ALL" + (useTX ? " in TX" : "") + ": MultiUser# " + i);
+ doGetAllP(Integer.valueOf(i), expectedResults[i], useTX);
+ }
+ }
+
+ public static void doMultiUserGets(Integer num, Integer numOfUsers,
+ Integer[] expectedResults) {
+ if (numOfUsers != expectedResults.length) {
+ fail("SecurityTestUtil.doMultiUserGets(): numOfUsers = " + numOfUsers
+ + ", but expected results " + expectedResults.length);
+ }
+ for (int i = 0; i < numOfUsers; i++) {
+ getLogWriter().info("GET: MultiUser# " + i);
+ doGetsP(num, Integer.valueOf(i), expectedResults[i], false);
+ }
+ }
+
+ public static void doMultiUserRegionDestroys(Integer numOfUsers,
+ Integer[] expectedResults) {
+ if (numOfUsers != expectedResults.length) {
+ fail("SecurityTestUtil.doMultiUserRegionDestroys(): numOfUsers = " + numOfUsers
+ + ", but expected results " + expectedResults.length);
+ }
+ for (int i = numOfUsers-1; i >= 0; i--) {
+ getLogWriter().info("DESTROY: MultiUser# " + i);
+ doRegionDestroysP(Integer.valueOf(i), expectedResults[i]);
+ }
+ }
+
+ public static void doMultiUserDestroys(Integer num, Integer numOfUsers,
+ Integer[] expectedResults) {
+ if (numOfUsers != expectedResults.length) {
+ fail("SecurityTestUtil.doMultiUserDestroys(): numOfUsers = " + numOfUsers
+ + ", but expected results " + expectedResults.length);
+ }
+ for (int i = 0; i < numOfUsers; i++) {
+ getLogWriter().info("DESTROY: MultiUser# " + i);
+ doDestroysP(num, Integer.valueOf(i), expectedResults[i], false);
+ }
+ }
+
+ public static void doMultiUserInvalidates(Integer num, Integer numOfUsers,
+ Integer[] expectedResults) {
+ if (numOfUsers != expectedResults.length) {
+ fail("SecurityTestUtil.doMultiUserInvalidates(): numOfUsers = " + numOfUsers
+ + ", but expected results " + expectedResults.length);
+ }
+ for (int i = 0; i < numOfUsers; i++) {
+ getLogWriter().info("INVALIDATE: MultiUser# " + i);
+ doInvalidatesP(num, Integer.valueOf(i), expectedResults[i], false);
+ }
+ }
+
+ public static void doMultiUserContainsKeys(Integer num, Integer numOfUsers,
+ Integer[] expectedResults, Boolean[] results) {
+ if (numOfUsers != expectedResults.length) {
+ fail("SecurityTestUtil.doMultiUserContainsKeys(): numOfUsers = " + numOfUsers
+ + ", but #expected results " + expectedResults.length);
+ }
+ if (numOfUsers != results.length) {
+ fail("SecurityTestUtil.doMultiUserContainsKeys(): numOfUsers = " + numOfUsers
+ + ", but #expected output " + results.length);
+ }
+ for (int i = 0; i < numOfUsers; i++) {
+ getLogWriter().info("CONTAINS_KEY: MultiUser# " + i);
+ doContainsKeysP(num, Integer.valueOf(i), expectedResults[i], false, results[i]);
+ }
+ }
+
+ public static void doMultiUserQueries(Integer numOfUsers,
+ Integer[] expectedResults, Integer valueSize) {
+ if (numOfUsers != expectedResults.length) {
+ fail("SecurityTestUtil.doMultiUserQueries(): numOfUsers = " + numOfUsers
+ + ", but #expected results " + expectedResults.length);
+ }
+ for (int i = 0; i < numOfUsers; i++) {
+ getLogWriter().info("QUERY: MultiUser# " + i);
+ doQueriesP(Integer.valueOf(i), expectedResults[i], valueSize);
+ }
+ }
+
+ public static void doMultiUserFE(Integer numOfUsers, Function function,
+ Integer[] expectedResults, Object[] results, Boolean isFailoverCase) {
+ if (numOfUsers != expectedResults.length) {
+ fail("SecurityTestUtil.doMultiUserFE(): numOfUsers = " + numOfUsers
+ + ", but #expected results " + expectedResults.length);
+ }
+ if (numOfUsers != results.length) {
+ fail("SecurityTestUtil.doMultiUserFE(): numOfUsers = " + numOfUsers
+ + ", but #expected output " + results.length);
+ }
+ for (int i = 0; i < numOfUsers; i++) {
+ getLogWriter().info("FunctionExecute:onRegion MultiUser# " + i);
+ doFunctionExecuteP(Integer.valueOf(i), function, expectedResults[i], results[i], "region");
+ }
+ for (int i = 0; i < numOfUsers; i++) {
+ getLogWriter().info("FunctionExecute:onServer MultiUser# " + i);
+ doFunctionExecuteP(Integer.valueOf(i), function, expectedResults[i], results[i], "server");
+ }
+ if (!isFailoverCase) {
+ for (int i = 0; i < numOfUsers; i++) {
+ getLogWriter().info("FunctionExecute:onServers MultiUser# " + i);
+ doFunctionExecuteP(Integer.valueOf(i), function, expectedResults[i],
+ results[i], "servers");
+ }
+ }
+ }
+
+ public static void doMultiUserQueryExecute(Integer numOfUsers,
+ Integer[] expectedResults, Integer result) {
+ if (numOfUsers != expectedResults.length) {
+ fail("SecurityTestUtil.doMultiUserFE(): numOfUsers = " + numOfUsers
+ + ", but #expected results " + expectedResults.length);
+ }
+ for (int i = 0; i < numOfUsers; i++) {
+ getLogWriter().info("QueryExecute: MultiUser# " + i);
+ doQueryExecuteP(Integer.valueOf(i), expectedResults[i], result);
+ }
+ }
+
+ public static void doLocalGets(Integer num) {
+
+ doLocalGetsP(num.intValue(), false);
+ }
+
+ public static void doNPuts(Integer num) {
+
+ doPutsP(num, new Integer(NO_EXCEPTION), true);
+ }
+
+ public static void doNPuts(Integer num, Integer expectedResult) {
+
+ doPutsP(num, expectedResult, true);
+ }
+
+ public static void doNGets(Integer num) {
+
+ doGetsP(num, new Integer(NO_EXCEPTION), true);
+ }
+
+ public static void doNGets(Integer num, Integer expectedResult) {
+
+ doGetsP(num, expectedResult, true);
+ }
+
+ public static void doNLocalGets(Integer num) {
+
+ doLocalGetsP(num.intValue(), true);
+ }
+
+ public static void doSimpleGet(String expectedResult) {
+ if (regionRef != null) {
+ try {
+ regionRef.get("KEY");
+ if (expectedResult != null && expectedResult.endsWith("Exception")) {
+ fail("Expected " + expectedResult + " but found none in doSimpleGet()");
+ }
+ } catch (Exception e) {
+ if (!e.getClass().getSimpleName().endsWith(expectedResult)) {
+ fail("Expected " + expectedResult + " but found "
+ + e.getClass().getSimpleName() + " in doSimpleGet()");
+ } else {
+ getLogWriter().fine(
+ "Got expected " + e.getClass().getSimpleName()
+ + " in doSimpleGet()");
+ }
+ }
+ }
+ }
+
+ public static void doSimplePut(String expectedResult) {
+ if (regionRef != null) {
+ try {
+ regionRef.put("KEY", "VALUE");
+ if (expectedResult != null && expectedResult.endsWith("Exception")) {
+ fail("Expected " + expectedResult + " but found none in doSimplePut()");
+ }
+ } catch (Exception e) {
+ if (!e.getClass().getSimpleName().endsWith(expectedResult)) {
+ fail("Expected " + expectedResult + " but found "
+ + e.getClass().getSimpleName() + " in doSimplePut()", e);
+ } else {
+ getLogWriter().fine(
+ "Got expected " + e.getClass().getSimpleName()
+ + " in doSimplePut()");
+ }
+ }
+ }
+ }
+ // Deal with javax SSL properties
+
+ private static void makeNullStaticField(Class cls) {
+
+ Field[] fields = cls.getDeclaredFields();
+ for (int index = 0; index < fields.length; ++index) {
+ Field field = fields[index];
+ try {
+ if (Modifier.isStatic(field.getModifiers())) {
+ field.setAccessible(true);
+ if (field.getClass().equals(boolean.class)) {
+ field.setBoolean(null, false);
+ assertFalse(field.getBoolean(null));
+ }
+ else if (cls.isInstance(field.get(null))) {
+ field.set(null, null);
+ assertNull(field.get(null));
+ }
+ }
+ }
+ catch (IllegalAccessException ex) {
+ getLogWriter()
+ .warning("Exception while clearing static SSL field.", ex);
+ }
+ catch (ClassCastException ex) {
+ getLogWriter()
+ .warning("Exception while clearing static SSL field.", ex);
+ }
+ }
+ }
+
+ private static void makeNullSSLFields(Object obj, Map fieldMap) {
+
+ Iterator fieldIter = fieldMap.entrySet().iterator();
+ while (fieldIter.hasNext()) {
+ Map.Entry entry = (Map.Entry)fieldIter.next();
+ Field field = (Field)entry.getKey();
+ Object fieldObj = entry.getValue();
+ try {
+ field.setAccessible(true);
+ makeNullStaticField(fieldObj.getClass());
+ field.set(obj, null);
+ assertNull(field.get(obj));
+ }
+ catch (IllegalAccessException ex) {
+ getLogWriter().warning("Exception while clearing SSL fields.", ex);
+ }
+ }
+ }
+
+ private static HashMap getSSLFields(Object obj, Class[] classes) {
+
+ HashMap resultFields = new HashMap();
+ Field[] fields = obj.getClass().getDeclaredFields();
+ for (int index = 0; index < fields.length; ++index) {
+ Field field = fields[index];
+ try {
+ field.setAccessible(true);
+ Object fieldObj = field.get(obj);
+ boolean isInstance = false;
+ for (int classIndex = 0; classIndex < classes.length; ++classIndex) {
+ if ((isInstance = classes[classIndex].isInstance(fieldObj)) == true) {
+ break;
+ }
+ }
+ if (isInstance) {
+ resultFields.put(field, fieldObj);
+ }
+ }
+ catch (IllegalAccessException ex) {
+ getLogWriter().warning("Exception while getting SSL fields.", ex);
+ }
+ }
+ return resultFields;
+ }
+
+ // This is a hack using reflection to clear the static objects in JSSE since
+ // otherwise changing the javax.* store related properties has no effect
+ // during the course of running dunit suite unless the VMs are restarted.
+ public static void clearStaticSSLContext() {
+
+ ServerSocketFactory defaultServerFact = SSLServerSocketFactory.getDefault();
+ // Get the class of this and use reflection to blank out any static
+ // SSLContext objects inside
+ Map contextMap = getSSLFields(defaultServerFact, new Class[] {
+ SSLContext.class, SSLContextSpi.class });
+ makeNullSSLFields(defaultServerFact, contextMap);
+ Iterator contextObjsIter = contextMap.values().iterator();
+ while (contextObjsIter.hasNext()) {
+ Object contextObj = contextObjsIter.next();
+ Map contextObjsMap = getSSLFields(contextObj, new Class[] {
+ TrustManager.class, KeyManager.class, TrustManager[].class,
+ KeyManager[].class });
+ makeNullSSLFields(contextObj, contextObjsMap);
+ }
+ makeNullStaticField(SSLServerSocketFactory.class);
+
+ // Do the same for normal SSL socket factory
+ SocketFactory defaultFact = SSLSocketFactory.getDefault();
+ contextMap = getSSLFields(defaultFact, new Class[] { SSLContext.class,
+ SSLContextSpi.class });
+ makeNullSSLFields(defaultFact, contextMap);
+ contextObjsIter = contextMap.values().iterator();
+ while (contextObjsIter.hasNext()) {
+ Object contextObj = contextObjsIter.next();
+ Map contextObjsMap = getSSLFields(contextObj, new Class[] {
+ TrustManager.class, KeyManager.class, TrustManager[].class,
+ KeyManager[].class });
+ makeNullSSLFields(contextObj, contextObjsMap);
+ }
+ makeNullStaticField(SSLSocketFactory.class);
+ makeNullStaticField(SSLContext.class);
+ }
+
+ private static LogWriter getLogger() {
+
+ LogWriter logger = null;
+ DistributedSystem dsys = system;
+ if (dsys == null || !dsys.isConnected()) {
+ while ((dsys = InternalDistributedSystem.getAnyInstance()) != null
+ && !dsys.isConnected()) {
+ }
+ }
+ if (dsys != null && dsys.isConnected()) {
+ logger = dsys.getLogWriter();
+ }
+ return logger;
+ }
+
+ public static void closeCache() {
+
+ LogWriter logger = getLogger();
+ if (logger != null) {
+ removeExpectedExceptions(SecurityTestUtil.expectedExceptions, logger);
+ }
+ if (cache != null && !cache.isClosed()) {
+ DistributedSystem sys = cache.getDistributedSystem();
+ cache.close();
+ sys.disconnect();
+ cache = null;
+ }
+ disconnectFromDS();
+ }
+
+ public static void closeCache(Boolean keepAlive) {
+ LogWriter logger = getLogger();
+ if (logger != null) {
+ removeExpectedExceptions(SecurityTestUtil.expectedExceptions, logger);
+ }
+ if (cache != null && !cache.isClosed()) {
+ DistributedSystem sys = cache.getDistributedSystem();
+ cache.close(keepAlive);
+ sys.disconnect();
+ cache = null;
+ }
+ disconnectFromDS();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/templates/security/AuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/templates/security/AuthzCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/AuthzCredentialGenerator.java
new file mode 100644
index 0000000..0e1ccf6
--- /dev/null
+++ b/gemfire-core/src/test/java/templates/security/AuthzCredentialGenerator.java
@@ -0,0 +1,465 @@
+
+package templates.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.security.AccessControl;
+
+/**
+ * Encapsulates obtaining authorized and unauthorized credentials for a given
+ * operation in a region. Implementations will be for different kinds of
+ * authorization scheme and authentication scheme combos.
+ *
+ * @author sumedh
+ * @since 5.5
+ */
+public abstract class AuthzCredentialGenerator {
+
+ /**
+ * Enumeration for various {@link AuthzCredentialGenerator} implementations.
+ *
+ * The following schemes are supported as of now:
+ * <ul>
+ * <li><code>DummyAuthorization</code> with <code>DummyAuthenticator</code></li>
+ * <li><code>XMLAuthorization</code> with <code>DummyAuthenticator</code></li>
+ * <li><code>XMLAuthorization</code> with <code>LDAPAuthenticator</code></li>
+ * <li><code>XMLAuthorization</code> with <code>PKCSAuthenticator</code></li>
+ * <li><code>XMLAuthorization</code> when using SSL sockets</li>
+ * </ul>
+ *
+ * To add a new authorization scheme the following needs to be done:
+ * <ul>
+ * <li>Add implementation for {@link AccessControl}.</li>
+ * <li>Choose the authentication schemes that it shall work with from
+ * {@link CredentialGenerator.ClassCode}</li>
+ * <li>Add a new enumeration value for the scheme in this class. Notice the
+ * size of <code>VALUES</code> array and increase that if it is getting
+ * overflowed. Note the methods and fields for existing schemes and add for
+ * the new one in a similar manner.</li>
+ * <li>Add an implementation for {@link AuthzCredentialGenerator}. Note the
+ * {@link AuthzCredentialGenerator#init} method where different authentication
+ * schemes can be passed and initialize differently for the authentication
+ * schemes that shall be handled.</li>
+ * <li>Modify the {@link AuthzCredentialGenerator#create} method to add
+ * creation of an instance of the new implementation for the
+ * <code>ClassCode</code> enumeration value.</li>
+ * </ul>
+ * All dunit tests will automagically start testing the new implementation
+ * after this.
+ *
+ * @author sumedh
+ * @since 5.5
+ */
+ public static final class ClassCode {
+
+ private static final byte ID_DUMMY = 1;
+
+ private static final byte ID_XML = 2;
+
+ private static byte nextOrdinal = 0;
+
+ private static final ClassCode[] VALUES = new ClassCode[10];
+
+ private static final Map CodeNameMap = new HashMap();
+
+ public static final ClassCode DUMMY = new ClassCode(
+ "templates.security.DummyAuthorization.create", ID_DUMMY);
+
+ public static final ClassCode XML = new ClassCode(
+ "templates.security.XmlAuthorization.create", ID_XML);
+
+ /** The name of this class. */
+ private final String name;
+
+ /** byte used as ordinal to represent this class */
+ private final byte ordinal;
+
+ /**
+ * One of the following: ID_DUMMY, ID_LDAP, ID_PKI
+ */
+ private final byte classType;
+
+ /** Creates a new instance of class code. */
+ private ClassCode(String name, byte classType) {
+ this.name = name;
+ this.classType = classType;
+ this.ordinal = nextOrdinal++;
+ VALUES[this.ordinal] = this;
+ CodeNameMap.put(name, this);
+ }
+
+ public boolean isDummy() {
+ return (this.classType == ID_DUMMY);
+ }
+
+ public boolean isXml() {
+ return (this.classType == ID_XML);
+ }
+
+ /**
+ * Returns the <code>ClassCode</code> represented by specified ordinal.
+ */
+ public static ClassCode fromOrdinal(byte ordinal) {
+ return VALUES[ordinal];
+ }
+
+ /**
+ * Returns the <code>ClassCode</code> represented by specified string.
+ */
+ public static ClassCode parse(String operationName) {
+ return (ClassCode)CodeNameMap.get(operationName);
+ }
+
+ /**
+ * Returns all the possible values.
+ */
+ public static List getAll() {
+ List codes = new ArrayList();
+ Iterator iter = CodeNameMap.values().iterator();
+ while (iter.hasNext()) {
+ codes.add(iter.next());
+ }
+ return codes;
+ }
+
+ /**
+ * Returns the ordinal for this class code.
+ *
+ * @return the ordinal of this class code.
+ */
+ public byte toOrdinal() {
+ return this.ordinal;
+ }
+
+ /**
+ * Returns a string representation for this class code.
+ *
+ * @return the name of this class code.
+ */
+ final public String toString() {
+ return this.name;
+ }
+
+ /**
+ * Indicates whether other object is same as this one.
+ *
+ * @return true if other object is same as this one.
+ */
+ @Override
+ final public boolean equals(final Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof ClassCode)) {
+ return false;
+ }
+ final ClassCode other = (ClassCode)obj;
+ return (other.ordinal == this.ordinal);
+ }
+
+ /**
+ * Indicates whether other <code>ClassCode</code> is same as this one.
+ *
+ * @return true if other <code>ClassCode</code> is same as this one.
+ */
+ final public boolean equals(final ClassCode opCode) {
+ return (opCode != null && opCode.ordinal == this.ordinal);
+ }
+
+ /**
+ * Returns a hash code value for this <code>ClassCode</code> which is the
+ * same as its ordinal.
+ *
+ * @return the ordinal of this <code>ClassCode</code>.
+ */
+ @Override
+ final public int hashCode() {
+ return this.ordinal;
+ }
+
+ }
+
+ /**
+ * The {@link CredentialGenerator} being used.
+ */
+ protected CredentialGenerator cGen;
+
+ /**
+ * A set of system properties that should be added to the gemfire system
+ * properties before using the authorization module.
+ */
+ private Properties sysProps;
+
+ /**
+ * A factory method to create a new instance of an
+ * {@link AuthzCredentialGenerator} for the given {@link ClassCode}. Caller
+ * is supposed to invoke {@link AuthzCredentialGenerator#init} immediately
+ * after obtaining the instance.
+ *
+ * @param classCode
+ * the <code>ClassCode</code> of the
+ * <code>AuthzCredentialGenerator</code> implementation
+ *
+ * @return an instance of <code>AuthzCredentialGenerator</code> for the
+ * given class code
+ */
+ public static AuthzCredentialGenerator create(ClassCode classCode) {
+ switch (classCode.classType) {
+ case ClassCode.ID_DUMMY:
+ return new DummyAuthzCredentialGenerator();
+ case ClassCode.ID_XML:
+ return new XmlAuthzCredentialGenerator();
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Initialize the authorized credential generator.
+ *
+ * @param cGen
+ * an instance of {@link CredentialGenerator} of the credential
+ * implementation for which to obtain authorized/unauthorized
+ * credentials.
+ *
+ * @return false when the given {@link CredentialGenerator} is incompatible
+ * with this authorization module.
+ */
+ public boolean init(CredentialGenerator cGen) {
+ this.cGen = cGen;
+ try {
+ this.sysProps = init();
+ }
+ catch (IllegalArgumentException ex) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ *
+ * @return A set of extra properties that should be added to Gemfire system
+ * properties when not null.
+ */
+ public Properties getSystemProperties() {
+ return this.sysProps;
+ }
+
+ /**
+ * Get the {@link CredentialGenerator} being used by this instance.
+ */
+ public CredentialGenerator getCredentialGenerator() {
+ return this.cGen;
+ }
+
+ /**
+ * The {@link ClassCode} of the particular implementation.
+ *
+ * @return the <code>ClassCode</code>
+ */
+ public abstract ClassCode classCode();
+
+ /**
+ * The name of the {@link AccessControl} factory function that should be used
+ * as the authorization module on the server side.
+ *
+ * @return name of the <code>AccessControl</code> factory function
+ */
+ public abstract String getAuthorizationCallback();
+
+ /**
+ * Get a set of credentials generated using the given index allowed to perform
+ * the given {@link OperationCode}s for the given regions.
+ *
+ * @param opCodes
+ * the list of {@link OperationCode}s of the operations
+ * requiring authorization; should not be null
+ * @param regionNames
+ * list of the region names requiring authorization; a value of
+ * null indicates all regions
+ * @param index
+ * used to generate multiple such credentials by passing
+ * different values for this
+ *
+ * @return the set of credentials authorized to perform the given operation in
+ * the given regions
+ */
+ public Properties getAllowedCredentials(OperationCode[] opCodes,
+ String[] regionNames, int index) {
+
+ int numTries = getNumPrincipalTries(opCodes, regionNames);
+ if (numTries <= 0) {
+ numTries = 1;
+ }
+ for (int tries = 0; tries < numTries; tries++) {
+ Principal principal = getAllowedPrincipal(opCodes, regionNames,
+ (index + tries) % numTries);
+ try {
+ return this.cGen.getValidCredentials(principal);
+ }
+ catch (IllegalArgumentException ex) {
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Get a set of credentials generated using the given index not allowed to
+ * perform the given {@link OperationCode}s for the given regions. The
+ * credentials are required to be valid for authentication.
+ *
+ * @param opCode
+ * the {@link OperationCode}s of the operations requiring
+ * authorization failure; should not be null
+ * @param regionNames
+ * list of the region names requiring authorization failure; a
+ * value of null indicates all regions
+ * @param index
+ * used to generate multiple such credentials by passing
+ * different values for this
+ *
+ * @return the set of credentials that are not authorized to perform the given
+ * operation in the given region
+ */
+ public Properties getDisallowedCredentials(OperationCode[] opCodes,
+ String[] regionNames, int index) {
+
+ // This may not be very correct since we use the value of
+ // getNumPrincipalTries() but is used to avoid adding another method.
+ // Also something like getNumDisallowedPrincipals() will be normally always
+ // infinite, and the number here is just to perform some number of tries
+ // before giving up.
+ int numTries = getNumPrincipalTries(opCodes, regionNames);
+ if (numTries <= 0) {
+ numTries = 1;
+ }
+ for (int tries = 0; tries < numTries; tries++) {
+ Principal principal = getDisallowedPrincipal(opCodes, regionNames,
+ (index + tries) % numTries);
+ try {
+ return this.cGen.getValidCredentials(principal);
+ }
+ catch (IllegalArgumentException ex) {
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Initialize the authorized credential generator.
+ *
+ * Required to be implemented by concrete classes that implement this abstract
+ * class.
+ *
+ * @return A set of extra properties that should be added to Gemfire system
+ * properties when not null.
+ *
+ * @throws IllegalArgumentException
+ * when the {@link CredentialGenerator} is incompatible with
+ * this authorization module.
+ */
+ protected abstract Properties init() throws IllegalArgumentException;
+
+ /**
+ * Get the number of tries to be done for obtaining valid credentials for the
+ * given operations in the given region. It is required that
+ * {@link #getAllowedPrincipal} method returns valid principals for values of
+ * <code>index</code> from 0 through (n-1) where <code>n</code> is the
+ * value returned by this method. It is recommended that the principals so
+ * returned be unique for efficiency.
+ *
+ * This will be used by {@link #getAllowedCredentials} to step through
+ * different principals and obtain a set of valid credentials.
+ *
+ * Required to be implemented by concrete classes that implement this abstract
+ * class.
+ *
+ * @param opCodes
+ * the {@link OperationCode}s of the operations requiring
+ * authorization
+ * @param regionNames
+ * list of the region names requiring authorization; a value of
+ * null indicates all regions
+ * @param index
+ * used to generate multiple such credentials by passing
+ * different values for this
+ *
+ * @return the number of principals allowed to perform the given operation in
+ * the given region
+ */
+ protected abstract int getNumPrincipalTries(OperationCode[] opCodes,
+ String[] regionNames);
+
+ /**
+ * Get a {@link Principal} generated using the given index allowed to perform
+ * the given {@link OperationCode}s for the given region.
+ *
+ * Required to be implemented by concrete classes that implement this abstract
+ * class.
+ *
+ * @param opCodes
+ * the {@link OperationCode}s of the operations requiring
+ * authorization
+ * @param regionNames
+ * list of the region names requiring authorization; a value of
+ * null indicates all regions
+ * @param index
+ * used to generate multiple such principals by passing
+ * different values for this
+ *
+ * @return the {@link Principal} authorized to perform the given operation in
+ * the given region
+ */
+ protected abstract Principal getAllowedPrincipal(OperationCode[] opCodes,
+ String[] regionNames, int index);
+
+ /**
+ * Get a {@link Principal} generated using the given index not allowed to
+ * perform the given {@link OperationCode}s for the given region.
+ *
+ * Required to be implemented by concrete classes that implement this abstract
+ * class.
+ *
+ * @param opCodes
+ * the {@link OperationCode}s of the operations requiring
+ * authorization failure
+ * @param regionNames
+ * list of the region names requiring authorization failure; a
+ * value of null indicates all regions
+ * @param index
+ * used to generate multiple such principals by passing
+ * different values for this
+ *
+ * @return a {@link Principal} not authorized to perform the given operation
+ * in the given region
+ */
+ protected abstract Principal getDisallowedPrincipal(OperationCode[] opCodes,
+ String[] regionNames, int index);
+}