Posted to commits@geode.apache.org by mm...@apache.org on 2018/11/16 22:58:18 UTC

[geode-native] branch develop updated: GEODE-6043: Improve Auth example (#405)

This is an automated email from the ASF dual-hosted git repository.

mmartell pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode-native.git


The following commit(s) were added to refs/heads/develop by this push:
     new f19b552  GEODE-6043: Improve Auth example (#405)
f19b552 is described below

commit f19b552c9c9ec68c3f2abeb227b8b0e1e90012ea
Author: Michael Martell <mm...@pivotal.io>
AuthorDate: Fri Nov 16 14:58:14 2018 -0800

    GEODE-6043: Improve Auth example (#405)
    
    * Improve Auth example
        - Implement end to end authentication
        - Updated function-execution script deploy command
        - Rename DummyAuth to SimpleAuth
        - Remove unnecessary java class comments
        - Checkin clang-format change to ExecutionImpl.cpp to fix Travis CI.
---
 cppcache/src/ExecutionImpl.cpp                     |  5 +-
 examples/cpp/function-execution/startserver.sh     |  2 +-
 .../dotnet/AuthInitialize/ExampleAuthInitialize.cs |  4 +-
 examples/dotnet/AuthInitialize/README.md           | 29 ++++----
 examples/dotnet/AuthInitialize/startserver.ps1     | 10 ++-
 examples/utilities/CMakeLists.txt                  |  3 +
 examples/utilities/CMakeLists.txt.in               |  3 +-
 examples/utilities/SimpleAuthenticator.java        | 84 ++++++++++++++++++++++
 examples/utilities/UserPasswordAuthInit.java       | 81 +++++++++++++++++++++
 examples/utilities/UsernamePrincipal.java          | 43 +++++++++++
 10 files changed, 242 insertions(+), 22 deletions(-)

diff --git a/cppcache/src/ExecutionImpl.cpp b/cppcache/src/ExecutionImpl.cpp
index 10de65b..516a5d5 100644
--- a/cppcache/src/ExecutionImpl.cpp
+++ b/cppcache/src/ExecutionImpl.cpp
@@ -131,9 +131,8 @@ std::shared_ptr<ResultCollector> ExecutionImpl::execute(
   serverOptimizeForWrite = ((attr->at(2) == 1) ? true : false);
 
   LOGDEBUG(
-      "ExecutionImpl::execute got functionAttributes from server for function = "
-      "%s serverHasResult = %d "
-      " serverIsHA = %d serverOptimizeForWrite = %d ",
+      "ExecutionImpl::execute got functionAttributes from server for function "
+      "= %s serverHasResult = %d serverIsHA = %d serverOptimizeForWrite = %d ",
       func.c_str(), serverHasResult, serverIsHA, serverOptimizeForWrite);
 
   if (serverHasResult == false) {
diff --git a/examples/cpp/function-execution/startserver.sh b/examples/cpp/function-execution/startserver.sh
index 057c379..9f6c8e8 100755
--- a/examples/cpp/function-execution/startserver.sh
+++ b/examples/cpp/function-execution/startserver.sh
@@ -29,6 +29,6 @@ else
     fi
 fi
 
-$GFSH_PATH  -e "start locator --name=locator" -e "deploy --jar=./example.jar" -e "start server --name=the-server --server-port=50505"  -e "create region --name=partition_region --type=PARTITION"
+$GFSH_PATH  -e "start locator --name=locator" -e "deploy --jar=../../utilities/example.jar" -e "start server --name=the-server --server-port=50505"  -e "create region --name=partition_region --type=PARTITION"
 
 
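Review bot: The new `deploy --jar=../../utilities/example.jar` path is resolved against the caller's working directory, not the script's location, so running startserver.sh from anywhere else either fails or deploys whatever example.jar that relative path happens to reach. Anchoring it to the script keeps the deployed code predictable, e.g. `SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"` followed by `--jar=$SCRIPT_DIR/../../utilities/example.jar`. `$GFSH_PATH` is also expanded unquoted on the same line, which breaks when the Geode install path contains spaces. The rest of the script starts outside the hunk.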
diff --git a/examples/dotnet/AuthInitialize/ExampleAuthInitialize.cs b/examples/dotnet/AuthInitialize/ExampleAuthInitialize.cs
index 022937f..103e6ff 100644
--- a/examples/dotnet/AuthInitialize/ExampleAuthInitialize.cs
+++ b/examples/dotnet/AuthInitialize/ExampleAuthInitialize.cs
@@ -40,8 +40,8 @@ namespace Apache.Geode.Examples.AuthInitialize
       Console.Out.WriteLine("ExampleAuthInitialize::GetCredentials called");
 
       var credentials = new Properties<string, object>();
-      credentials.Insert("username", "john");
-      credentials.Insert("password", "secret");
+      credentials.Insert("security-username", "root");
+      credentials.Insert("security-password", "root");
       return credentials;
     }
   }
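Review bot: The `root`/`root` pair inserted under `security-username` and `security-password` is a literal credential in source with nothing marking it as demo-only, and example code tends to be copied as-is. These values only pass because the example server's SimpleAuthenticator accepts a password equal to the user name. A comment above the two inserts would make that explicit, such as `// Demo credentials for SimpleAuthenticator only; real clients should load credentials from a protected store, not source.` The enclosing GetCredentials method starts outside the hunk.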
diff --git a/examples/dotnet/AuthInitialize/README.md b/examples/dotnet/AuthInitialize/README.md
index 3298edf..45da800 100644
--- a/examples/dotnet/AuthInitialize/README.md
+++ b/examples/dotnet/AuthInitialize/README.md
@@ -1,24 +1,29 @@
 # AuthInitialize Example
 This example shows how to create and register a custom `IAuthIntialize` authentication
-handler. 
+handler on the client that authenticates against a server that was started with the corresponding authenticator. 
 
 ## Prerequisites
 * Install [Apache Geode](https://geode.apache.org)
 * Build and install [Apache Geode Native](https://github.com/apache/geode-native)
+* Apache Geode Native examples, built and installed.
+* A `GEODE_HOME` environment variable set to the location of the Apache Geode installation.
+* `GEODE_HOME/bin` in the execution path.
 
 ## Running
-* Start Geode Server and create region.
+1. Set the current directory to the `AuthInitialize` directory in your example workspace.
+
   ```
-  gfsh>start locator --name=locator
-  gfsh>start server --name=server
-  gfsh>create region --name=region --type=PARTITION
+  $ cd workspace/examples/dotnet/AuthInitialize
   ```
-* Execute `Apache.Geode.Examples.AuthInitialize.exe`.
-  
-  output:
+
+2. Run the `startserver.ps1` script to start the Geode cluster with authentication and create a region.
+
+3. Execute `AuthInitialize.exe`:
+
   ```
-  ExampleAuthInitialize::ExampleAuthInitialize called
-  ExampleAuthInitialize::GetCredentials called
-  a = 1
-  b = 2
+.\AuthInitialize.exe
+ExampleAuthInitialize::ExampleAuthInitialize called
+ExampleAuthInitialize::GetCredentials called
+a = 1
+b = 2
   ```
diff --git a/examples/dotnet/AuthInitialize/startserver.ps1 b/examples/dotnet/AuthInitialize/startserver.ps1
index 8c99be1..354e7c3 100644
--- a/examples/dotnet/AuthInitialize/startserver.ps1
+++ b/examples/dotnet/AuthInitialize/startserver.ps1
@@ -35,5 +35,11 @@ else
 
 if ($GFSH_PATH -ne "")
 {
-   Invoke-Expression "$GFSH_PATH -e 'start locator --name=locator --dir=$PSScriptRoot\locator' -e 'start server --name=server --dir=$PSScriptRoot\server' -e 'create region --name=region --type=PARTITION'"
-}
\ No newline at end of file
+  # Set this variable to include your java object that implements the Authenticator class
+  $RESOLVEDPATH = Resolve-Path -Path "$PSScriptRoot/../../utilities/example.jar"
+
+  # Set this variable to the full name of your Authenticator.create function
+  $AUTHENTICATOR = 'javaobject.SimpleAuthenticator.create'
+
+  Invoke-Expression "$GFSH_PATH -e 'start locator --name=locator --dir=$PSScriptRoot\locator' -e 'start server --name=server --classpath=$RESOLVEDPATH --J=-Dgemfire.security-client-authenticator=$AUTHENTICATOR --dir=$PSScriptRoot\server' -e 'create region --name=region --type=PARTITION'"
+}
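Review bot: `$RESOLVEDPATH` is spliced into a string that `Invoke-Expression` re-parses, inside a single-quoted gfsh argument, so a checkout path containing a space or a quote character changes how the command line is parsed instead of being passed as one value. Assuming `$GFSH_PATH` holds only the executable path, calling it with the call operator (`& $GFSH_PATH -e "start locator ..." -e "start server ..."`) passes each `-e` string as one argument with no second parse. `Resolve-Path` also reports only a non-terminating error when example.jar has not been built, so the server start would still be attempted with an empty `--classpath=`. Adding `-ErrorAction Stop` to that call makes the script stop there. The `if` block opens before the hunk.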
diff --git a/examples/utilities/CMakeLists.txt b/examples/utilities/CMakeLists.txt
index 824a8ff..0fe49ba 100644
--- a/examples/utilities/CMakeLists.txt
+++ b/examples/utilities/CMakeLists.txt
@@ -22,5 +22,8 @@ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CMakeLists.txt.in ${CMAKE_CURRENT_BIN
 install(FILES
   ${CMAKE_CURRENT_BINARY_DIR}/CMakeLists.txt
   ${CMAKE_CURRENT_SOURCE_DIR}/ExampleMultiGetFunction.java
+  ${CMAKE_CURRENT_SOURCE_DIR}/SimpleAuthenticator.java
+  ${CMAKE_CURRENT_SOURCE_DIR}/UserPasswordAuthInit.java
+  ${CMAKE_CURRENT_SOURCE_DIR}/UsernamePrincipal.java
   DESTINATION examples/utilities)
 
diff --git a/examples/utilities/CMakeLists.txt.in b/examples/utilities/CMakeLists.txt.in
index 48cdc1a..c46dfa8 100644
--- a/examples/utilities/CMakeLists.txt.in
+++ b/examples/utilities/CMakeLists.txt.in
@@ -26,6 +26,5 @@ file(GLOB_RECURSE SOURCES "*.java")
 
 add_jar(example ${SOURCES}
   INCLUDE_JARS ${Geode_CLASSPATH}
-  OUTPUT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../cpp/function-execution
+  OUTPUT_DIR ${CMAKE_CURRENT_SOURCE_DIR}../
 )
-
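Review bot: `OUTPUT_DIR ${CMAKE_CURRENT_SOURCE_DIR}../` has no `/` between the variable and `..`, so it expands to a path ending in `utilities../` (a sibling directory name) rather than the parent directory. Neither that nor the parent of `utilities` matches the `utilities/example.jar` location that startserver.sh and startserver.ps1 now read from, so the start scripts may not find the jar. This is inferred, since the installed layout is not visible here. If the jar is meant to sit beside the Java sources, `OUTPUT_DIR ${CMAKE_CURRENT_SOURCE_DIR}` says so directly.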
diff --git a/examples/utilities/SimpleAuthenticator.java b/examples/utilities/SimpleAuthenticator.java
new file mode 100644
index 0000000..68f0909
--- /dev/null
+++ b/examples/utilities/SimpleAuthenticator.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javaobject;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import org.apache.geode.LogWriter;
+import org.apache.geode.distributed.DistributedMember;
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.Authenticator;
+import javaobject.UserPasswordAuthInit;
+import javaobject.UsernamePrincipal;
+
+/**
+ * A dummy implementation of the {@link Authenticator} interface that expects a
+ * user name and password allowing authentication depending on the format of the
+ * user name.
+ * 
+ */
+public class SimpleAuthenticator implements Authenticator {
+
+  public static Authenticator create() {
+    return new SimpleAuthenticator();
+  }
+
+  public SimpleAuthenticator() {
+  }
+
+  public void init(Properties systemProps, LogWriter systemLogger,
+      LogWriter securityLogger) throws AuthenticationFailedException {
+  }
+
+  public static boolean testValidName(String userName) {
+
+    return (userName.startsWith("user") || userName.startsWith("reader")
+        || userName.startsWith("writer") || userName.equals("admin")
+        || userName.equals("root") || userName.equals("administrator"));
+  }
+
+  public Principal authenticate(Properties props, DistributedMember member)
+      throws AuthenticationFailedException {
+
+    String userName = props.getProperty(UserPasswordAuthInit.USER_NAME);
+    if (userName == null) {
+      throw new AuthenticationFailedException(
+          "SimpleAuthenticator: user name property ["
+              + UserPasswordAuthInit.USER_NAME + "] not provided");
+    }
+    String password = props.getProperty(UserPasswordAuthInit.PASSWORD);
+    if (password == null) {
+      throw new AuthenticationFailedException(
+          "SimpleAuthenticator: password property ["
+              + UserPasswordAuthInit.PASSWORD + "] not provided");
+    }
+
+    if (userName.equals(password) && testValidName(userName)) {
+      return new UsernamePrincipal(userName);
+    }
+    else {
+      throw new AuthenticationFailedException(
+          "SimpleAuthenticator: Invalid user name [" + userName
+              + "], password supplied.");
+    }
+  }
+
+  public void close() {
+  }
+
+}
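Review bot: `authenticate` accepts any login whose password equals its user name and whose name passes `testValidName`, but the class Javadoc says only that acceptance depends "on the format of the user name". It never states the password rule or that the class is unsuitable for a real deployment. Since startserver.ps1 wires this class in as the server's `security-client-authenticator`, the Javadoc should say so outright, for example `Example only: accepts any allowed user name whose password equals the user name. Do not deploy.` The explicit imports of `javaobject.UserPasswordAuthInit` and `javaobject.UsernamePrincipal` are redundant inside package `javaobject`, and the interface methods would read better with `@Override`.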
diff --git a/examples/utilities/UserPasswordAuthInit.java b/examples/utilities/UserPasswordAuthInit.java
new file mode 100644
index 0000000..d40ba67
--- /dev/null
+++ b/examples/utilities/UserPasswordAuthInit.java
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javaobject;
+
+import java.util.Properties;
+
+import org.apache.geode.LogWriter;
+import org.apache.geode.distributed.DistributedMember;
+import org.apache.geode.security.AuthInitialize;
+import org.apache.geode.security.AuthenticationFailedException;
+
+/**
+ * An {@link AuthInitialize} implementation that obtains the user name and
+ * password as the credentials from the given set of properties.
+ * 
+ * To use this class the <c>security-client-auth-init</c> property should be
+ * set to the fully qualified name the static <code>create</code> function
+ * viz. <code>templates.security.UserPasswordAuthInit.create</code>
+ *
+ */
+public class UserPasswordAuthInit implements AuthInitialize {
+
+  public static final String USER_NAME = "security-username";
+
+  public static final String PASSWORD = "security-password";
+
+  protected LogWriter securitylog;
+
+  protected LogWriter systemlog;
+
+  public static AuthInitialize create() {
+    return new UserPasswordAuthInit();
+  }
+
+  public void init(LogWriter systemLogger, LogWriter securityLogger)
+      throws AuthenticationFailedException {
+    this.systemlog = systemLogger;
+    this.securitylog = securityLogger;
+  }
+
+  public UserPasswordAuthInit() {
+  }
+
+  public Properties getCredentials(Properties props, DistributedMember server,
+      boolean isPeer) throws AuthenticationFailedException {
+
+    Properties newProps = new Properties();
+    String userName = props.getProperty(USER_NAME);
+    if (userName == null) {
+      throw new AuthenticationFailedException(
+          "UserPasswordAuthInit: user name property [" + USER_NAME
+              + "] not set.");
+    }
+    newProps.setProperty(USER_NAME, userName);
+    String passwd = props.getProperty(PASSWORD);
+    // If password is not provided then use empty string as the password.
+    if (passwd == null) {
+      passwd = "";
+    }
+    newProps.setProperty(PASSWORD, passwd);
+    return newProps;
+  }
+
+  public void close() {
+  }
+
+}
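Review bot: The class Javadoc tells users to set `security-client-auth-init` to `templates.security.UserPasswordAuthInit.create`, but this file declares `package javaobject;`, so following the comment would point a client at a class this jar does not contain. It should read `javaobject.UserPasswordAuthInit.create`. `<c>` is not a Javadoc tag, so the property name should be written as `<code>security-client-auth-init</code>`. In `getCredentials`, a missing password is silently replaced with `""` while a missing user name throws; either add a one-line comment explaining why the two are treated differently, or throw for both.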
diff --git a/examples/utilities/UsernamePrincipal.java b/examples/utilities/UsernamePrincipal.java
new file mode 100644
index 0000000..faeb770
--- /dev/null
+++ b/examples/utilities/UsernamePrincipal.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package javaobject;
+
+import java.io.Serializable;
+import java.security.Principal;
+
+/**
+ * An implementation of {@link Principal} class for a simple user name.
+ * 
+ */
+public class UsernamePrincipal implements Principal, Serializable {
+
+  private final String userName;
+
+  public UsernamePrincipal(String userName) {
+    this.userName = userName;
+  }
+
+  public String getName() {
+    return this.userName;
+  }
+
+  @Override
+  public String toString() {
+    return this.userName;
+  }
+
+}
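Review bot: `UsernamePrincipal` defines `toString` but not `equals` or `hashCode`, so two principals created for the same user name compare unequal and hash differently. That matters as soon as a principal is compared or used as a map or set key, for instance in an authorization check (no such use is visible in this commit). Value equality on `userName` fixes it. The class is `Serializable`, so a `private static final long serialVersionUID` is worth adding at the same time.

```java
public class UsernamePrincipal implements Principal, Serializable {
  // … unchanged: userName field, constructor, getName, toString …

  @Override
  public boolean equals(Object other) {
    return other instanceof UsernamePrincipal
        && java.util.Objects.equals(userName, ((UsernamePrincipal) other).userName);
  }

  @Override
  public int hashCode() {
    return java.util.Objects.hashCode(userName);
  }
```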